• by Ray Schultz , December 4, 2017

TIO Networks, a Canadian subsidiary of PayPal, was hit with a data breach that may have exposed personal information from over one million consumers. 

In announcing the news late Friday, PayPal said its systems are separate from those of TIO and that its own data was not compromised. PayPal acquired the publicly traded payment processor last July.

PayPal suspended TIO Network’s operations on November 10 to investigate security vulnerabilities in the TIO platform and the possible breach.  

That probe revealed “a potential compromise of personally identifiable information for approximately 1.6 million customers,” PayPal said.

The review uncovered evidence of “unauthorized access to TIO’s network, including locations that stored personal information of some of TIO’s customers and customers of TIO billers,” TIO added.

PayPal brought in “additional third-party cybersecurity expertise to review TIO’s bill payment platform,” TIO continued.

In November, TIO said the investigation would also look at its “practices and representations prior to the acquisition.” 

TIO has notified customers, and is working with Experian to offer them a free 12-month Experian credit monitoring membership. This includes benefits such as a credit report, and active credit monitoring for fraud and identity theft. Victims whose Social Security numbers were exposed are being provided with 24 months.