Another day, another data breach: This time it's with a PayPal-acquired firm

Ongoing probe finds evidence of unauthorised access

Another day, another data breach: This time it's with a PayPal-acquired firm

Cyber

By Terry Gangcuangco

Just three days ago we told you about a landmark case being brought against technology giant Google for its alleged unlawful ‘harvesting’ of personal information from Apple iPhone users. Now it has been revealed that personally identifiable information for approximately 1.6 million customers of TIO Networks – a payment processor acquired by PayPal barely five months ago – may have been compromised.

While the two cases differ in that the latter is not an allegedly deliberate move by the platform itself, they still serve as a strong reminder of the issue surrounding data protection. Remember that survey we told you about in October which found that 39% of 250 insurance brokers in the UK are not even aware of the General Data Protection Regulation (GDPR) that is coming into effect in 2018?

The operations of TIO were suspended by PayPal last month in order to safeguard customer data while a probe looked into the former’s security weaknesses.

“This suspension of services is a result of PayPal’s discovery of security vulnerabilities on the TIO platform and issues with TIO’s data security programme that do not adhere to PayPal’s information security standards,” said PayPal in November.

Now the ongoing investigation has identified evidence of unauthorised access to the platform’s network. Worryingly, this included locations that not only accessed but also stored personal information of some of TIO’s customers, as well as customers of TIO billers.

PayPal said, as a result, it is taking steps to protect affected customers while TIO coordinates with the companies it services to notify potentially affected individuals. It is also working with consumer credit reporting agency Experian to provide free credit monitoring memberships.

“We greatly appreciate the support of our billing partners, retailers, agents, and consumers during this time,” said TIO in an update posted on its website. “We will continue to communicate important updates to customers.”

Meanwhile PayPal assured: “The PayPal platform is not impacted in any way, as the TIO systems are completely separate from the PayPal network, and PayPal’s customers’ data remains secure.”


Related stories:
Tackle cyber breach like you would a fire - experts
GDPR an opportunity for SME brokers, says Broker Network

Keep up with the latest news and events

Join our mailing list, it’s free!