Thursday , March 28, 2024

PayPal Says Its TIO Probe Found Evidence of a Breach Affecting Potentially 1.6 Million Customers

PayPal Holdings Inc. and its TIO Networks unit are arranging free credit monitoring for consumers after finding evidence of a data breach at TIO that the companies say has potentially affected personally identifiable information for about 1.6 million customers of TIO’s bill-pay service. The unauthorized access could have compromised data for both customers of TIO and those of TIO’s client billers, TIO said.

PayPal, which suspended operations at TIO on Nov. 10 following its discovery of an unspecified security issue, announced evidence of the breach and the credit-monitoring offer on Friday. The credit-monitoring service is available through Experian PLC, a Dublin, Ireland, based credit-reporting company. For now, TIO says it has no plans to restore service “until we are confident in the security of the TIO systems and network.”

Vancouver, British Columbia-based TIO, which PayPal acquired earlier this year for $233 million, processes payments for some 10,000 billers through a network of 900 kiosks and 65,000 walk-in locations. It services 14 million consumer accounts and in 2016 generated $7 billion in dollar volume.

The exact nature of the security vulnerability at TIO had been unclear since Nov. 10, when PayPal announced a possible issue and said it was shutting down the network’s operations in response. Five days later, PayPal said it was restoring limited service while it continued to investigate the issue.

“The operations of TIO Networks were suspended to protect customer data as part of an ongoing investigation of security vulnerabilities of the TIO platform. We have been working tirelessly to conduct a thorough review and get to the bottom of the situation. Now we have a clearer picture,” TIO said Friday in an update posted to its Web site.

The 20-year-old company, which PayPal acquired in part to help support a strategy of serving underbanked consumers, said it is also working with its clients to notify potentially affected consumers.

PayPal says its own operations were not affected by the potential breach.

Check Also

Buying Groups Might—or Might Not—Give Merchants More Negotiating Power with the Card Networks

Card-acceptance costs and network rules weren’t the only subjects covered by the sweeping settlement revealed …

Digital Transactions