PayPal company TIO says 1.6M users hit by data breach
SAN FRANCISCO – A payment processing company acquired by PayPal has revealed that as many as
1.6 million of its customers may have had personal information stolen in a data breach.
TIO Networks announced in November it was suspending operations because of PayPal’s discovery of security vulnerabilities on the TIO platform.
Then late last week TIO Networks admitted hackers potentially stole personally identifiable information, and possibly financial data, for as many as
1.6 million of its customers.
PayPal paid $238 million in July for Canadianbased TIO Networks, which serves customers who pay utility and cable bills in cash at kiosks and walkin locations at convenience stores, supermarkets, pharmacies and other retail stores. Many of its customers don’t have bank accounts and rely on the service to pay their bills.
In an email to USA TODAY, PayPal noted that it has not found actual proof of data being taken from the TIO network but instead found enough evidence of potential exposure to treat the incident as a data breach and notify consumers, billers, retailers, agents and authorities.
The disclosure stands in sharp contrast to news last month that ride-hailing service Uber had been hacked and that personal information belonging to about 57 million of its customers and drivers was stolen while the company kept the breach hidden by paying off the hackers.
PayPal’s platform itself was not affected in any way, as the TIO systems were completely separate from the PayPal network.
PayPal customers’ data remains secure, PayPal said in a statement.
PayPal is working with a consumer credit reporting agency to provide affected customers free credit monitoring.
At the time of the acquisition, TIO said it had processed about $7 billion in bill payments in 2016 for its
14 million customers and that it had 65,000 retail locations in North America.