The Daily Swig Web security digest

PayPal subsidiary suffers data breach

James Walker | 04 December 2017 at 12:27

TIO services will remain offline until network vulnerabilities are patched.

Canadian payment processing firm TIO Networks has suffered a data breach that resulted in the personally identifiable information of around 1.6 million people being compromised, parent company PayPal Holdings has revealed.

Vancouver-based TIO was snapped up by PayPal for $238 million in July, as part of the Silicon Valley payments giant’s global expansion program.

While the transaction was aimed at advancing the company’s ability to offer digital financial services to “tens of millions of underserved customers”, PayPal suspended TIO’s operations last month following the discovery of security vulnerabilities in its platform and issues with its data security program.

Providing an update to the market on Friday, PayPal said a review of TIO’s networks has identified a potential compromise of personally identifiable information for approximately 1.6 million customers.

“The PayPal platform is not impacted in any way, as the TIO systems are completely separate from the PayPal network, and PayPal’s customers’ data remains secure,” the company said.

TIO, which facilitated more than $7 billion of consumer bill payments last year, is now in the process of notifying potentially affected individuals.

“PayPal is working with a consumer credit reporting agency to provide free credit monitoring memberships,” the company stated. “Individuals who are affected will be contacted directly and receive instructions to sign up for monitoring.”

PayPal said TIO’s services will remain offline until the company is confident in the security of its network.