PayPal has acknowledged after weeks of investigation that its Vancouver-based online and mobile bill payment subsidiary, TIO Networks, suffered a data breach that potentially exposed personal information of 1.6 million of its customer base, which covers Canada and the U.S.
“The ongoing investigation has uncovered evidence of unauthorized access to TIO’s network, including locations that stored personal information of some of TIO’s customers and customers of TIO billers,” the division said in a statement Friday afternoon.
There were no details of how many exposed accounts were Canadian customers. PayPal emphasized that its data is held separately from TIO Networks’ and was not affected.
However, in an email this morning to ITWorldCanada.com PayPal spokesman Justin Higgs said “the important thing to note is that this is a potential compromise of information. We are treating the situation as a breach and taking appropriate actions, but there is no evidence that this data compromise has in fact occurred.”
The announcement comes after PayPal suspended operations of TIO Networks on Nov. 10 “to protect customer data as part of an ongoing investigation of security vulnerabilities.” Now the parent company admits it found evidence of a breach. TIO service won’t be restored, PayPal said, until it is confident
It is working with an unnamed consumer credit reporting agency to provide free credit monitoring memberships to affected victims. They will be contacted directly and receive instructions to sign up for monitoring.
PayPal Holdings Inc. bought TIO only nine months ago for $302 million. Until business was suspended TIO operated as a separate service within PayPal.
At the time of the deal, TIO was described by the partners as “a leading multi-channel bill payment processor in North America.” It processed more than US$7 billion in consumer bill payments to telecom, wireless, cable, and utilities in fiscal 2016. TIO said it served 16 million consumer bill pay accounts, although that includes people who had more than one account. It specialized in offering expedited bill payment services to more than 10,000 supported billers and numerous direct relationships with billers.
Known as a service for helping people securely buy goods on the Internet, PayPal bought TIO Networks to expand into the bill payment sector. “Expanding into multi-channel bill payments through the acquisition of TIO furthers this mission and will meaningfully advance our ability to offer digital financial services to tens of millions of underserved customers,” CEO Dan Schulman said at the time.