PayPal Acquired a Company for $233 Million and It Leaked 1.6 Million Customer Records


In yet another data breach of the year, PayPal has admitted that it was an indirect victim of a security breach that resulted in the leak of over 1.6 million customers' data. The leak apparently happened through TIO networks - a company that PayPal recently acquired. TIO networks that runs a network of over 60,000 utility and bills payment kiosks across North America was acquired by Paypal earlier this year for $233 million.

PayPal first reported a potential breach on November 10 when it announced having suspended the operations of TIO network, but didn't provide any details. PayPal has now said it has "identified a potential compromise of personally identifiable information for approximately 1.6 million customers."

PayPal Issues $59M in Stock as part of iZettle Deal

A review of TIO’s network has identified a potential compromise of personally identifiable information for approximately 1.6 million customers. The PayPal platform is not impacted in any way, as the TIO systems are completely separate from the PayPal network, and PayPal’s customers’ data remains secure.

In its own statement, TIO suggested that PayPal was reviewing TIO's systems following the July acquisition and "uncovered evidence of unauthorized access to TIO’s network, including locations that stored personal information of some of TIO’s customers and customers of TIO billers."

As the European General Data Protection Regulation (GDPR) looms, the companies will be required to notify clients within 72 hours or they could risk heavy fines in Europe. PayPal was quick to add that its own systems and clients remain unaffected and that it will directly notify affected victims. PayPal added:

TIO has also begun working with the companies it services to notify potentially affected individuals, and PayPal is working with a consumer credit reporting agency to provide free credit monitoring memberships. Individuals who are affected will be contacted directly and receive instructions to sign up for monitoring.

The company is currently in the process of notifying its clients that may have been affected by this breach. Customers have been offered free credit checks and identity theft insurance. TIO said at the moment, it "cannot provide a timeline for restoring bill payment services, and continues to recommend that you contact your biller to identify alternative ways to pay your bills."