Just three days ago we told you about a landmark case being brought against technology giant Google for its alleged unlawful ‘harvesting’ of personal information from Apple iPhone users. Now it has been revealed that personally identifiable information for approximately 1.6 million customers of TIO Networks – a payment processor acquired by PayPal barely five months ago – may have been compromised.
While the two cases differ in that the latter is not an allegedly deliberate move by the platform itself, they still serve as a strong reminder of the issue surrounding data protection.
The operations of TIO were suspended by PayPal last month in order to safeguard customer data while a probe looked into the former’s security weaknesses.
“This suspension of services is a result of PayPal’s discovery of security vulnerabilities on the TIO platform and issues with TIO’s data security programme that do not adhere to PayPal’s information security standards,” said PayPal in November.
Now the ongoing investigation has identified evidence of unauthorised access to the platform’s network. Worryingly, this included locations that not only accessed but also stored personal information of some of TIO’s customers, as well as customers of TIO billers.
PayPal said, as a result, it is taking steps to protect affected customers while TIO coordinates with the companies it services to notify potentially affected individuals. It is also working with consumer credit reporting agency Experian to provide free credit monitoring memberships.
“We greatly appreciate the support of our billing partners, retailers, agents, and consumers during this time,” said TIO in an update posted on its website. “We will continue to communicate important updates to customers.”
Meanwhile PayPal assured: “The PayPal platform is not impacted in any way, as the TIO systems are completely separate from the PayPal network, and PayPal’s customers’ data remains secure.”
Related stories:
British group takes legal action against 'trust violating' Google
Expert discusses insurance lessons from Uber hack