PayPal notified clients on Friday that private data for 1.6 million individuals may have been stolen by hackers who breached the systems of its subsidiary TIO Networks, which is a Canadian organization that operates a network of over 60,000 utility and bills payment kiosks across North America. PayPal acquired it in July 2017 for $238 million in cash.
On November 10, PayPal said that TIO had suspended operations in an attempt to protect clients following the discovery of security flaws on the subsidiary’s platform.
According to PayPal:
This ongoing investigation has identified evidence of unauthorized access to TIO’s network, including locations that stored personal information of some of TIO’s customers and customers of TIO billers. As a result, PayPal is taking steps to protect affected customers.
The payments giant said that the PayPal platform is not affected in any way, because the TIO systems are totally separate from the PayPal network, and PayPal’s clients’ data remains secure.
“PayPal is working with a consumer credit reporting agency to provide free credit monitoring memberships. Individuals who are affected will be contacted directly and receive instructions to sign up for monitoring.”
TIO said that the services will not be completely restored until it’s sure that its systems and network are secure.