1.6 Million Users Affected by Breach on PayPal’s TIO Network
PayPal announced they have suspended operations of TIO Networks since they discovered a breach that may have affected as many as 1.6 million customers. TIO, which was purchased by PayPal in July 2017 for $238 million, is a payment processor that has approximately 16 million customers.
There are no specific details as to what information was accessed, but PayPal has stated an unauthorized party was able to take advantage of security vulnerabilities and access personally identifiable information of TIO’s customers and billers, including names, login credentials, and, in some cases, social security numbers. ZDNet reports that financial data could have been leaked.
Services at TIO were suspended on November 10 when PayPal discovered the security issue. At that time, they also hired a third-party cybersecurity expert and launched an internal investigation to determine whether TIO had accurately represented its practices before it was acquired by PayPal, according to a TIO press release. PayPal has not announced when TIO services would be restored, and on its website, TIO has said they will not restore services until the network has been appropriately secured.
“At this point, TIO cannot provide a timeline for restoring bill pay services, and continues to recommend that you contact your biller to identify alternative ways to pay your bills. We sincerely apologize for any inconvenience caused to you by the disruption of TIO’s service.”
PayPal assured customers their users were not affected by this breach, as TIO systems are separate from the PayPal network. Both PayPal and TIO are contacting affected customers and offering them a year of free credit monitoring. If a customer’s social security number was exposed, they will receive two years of free credit monitoring. All affected customers will receive $1 million in identity theft insurance.