SAN FRANCISCO — A payment processing company acquired by PayPal has revealed that as many as 1.6 million of its customers may have had personal information stolen in a data breach.
TIO Networks announced in November it was suspending operations due to PayPal's discovery of security vulnerabilities on the TIO platform.
Then late last week TIO Networks admitted hackers potentially stole personally identifiable information, and possibly financial data, for as many as 1.6 million of its customers.
PayPal paid $238 million in July for Canadian-based TIO Networks, which serves customers who pay utility and cable bills in cash at kiosks and walk-in locations at convenience stores, supermarkets, pharmacies and other retail stores. Many of its customers don’t have bank accounts and rely on the service to pay their bills.
In an email to USA TODAY, PayPal noted that it has not found actual proof of data being taken from the TIO network but instead found enough evidence of potential exposure to treat the incident as a data breach and notify consumers, billers, retailers, agents and authorities.
The disclosure stands in sharp contrast to news last month that Uber had been hacked and that personal information belonging to about 57 million of its customers and drivers was stolen while the company kept the breach hidden by paying off the hackers.
PayPal's platform itself was not impacted in any way, as the TIO systems were completely separate from the PayPal network, and PayPal’s customers’ data remains secure, PayPal said in a statement.
PayPal is working with a consumer credit reporting agency to provide affected customers free credit monitoring.
At the time of the acquisition TIO said it had processed about $7 billion in bill payments in 2016 for its 14 million customers and that it had 65,000 retail locations in North America.
► Make it easy to keep up to date with more stories like this. Download the WFMY News 2 App now