PayPal Discloses Breach of 1.6 Million Accounts at TIO Networks | eWeek

PayPal Unit TIO Networks Discloses Breach of 1.6 Million Accounts

Equifax Inept Security
Dec 4, 2017
2 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

PayPal Holdings revealed on Dec. 1 that its TIO Networks payment processing service was the victim of a data breach, impacting 1.6 million customers.

Paypal acquired TIO in July 2017 for $238 million to help bolster its electronic payment portfolio. It’s not clear at this point, if TIO was breached prior to the Paypal acquisition. What is known is that Paypal became suspicious as early as Nov. 10,.

“As announced on November 10, PayPal suspended the operations of TIO to protect customer data as part of an ongoing investigation of security vulnerabilities of the TIO platform,” Paypla stated. “This ongoing investigation has identified evidence of unauthorized access to TIO’s network, including locations that stored personal information of some of TIO’s customers and customers of TIO billers.”


Paypal noted in its disclosure that the TIO Networks systems are separate from the PayPal network and there is no direct impact to PayPal’s users. PayPal added that TIO is now in the process of contacting impacted customers and will be offering free credit monitoring and identity protection services from Experian.

“We are committed to addressing this situation as quickly and efficiently as possible, in a manner that protects customers and their data,” TIO Networks stated. “In the meantime, all affected customers are strongly encouraged to take advantage of the credit monitoring services.”

The TIO Networks service itself is still offline and PayPal has stated that services will not resume until confidence in the security of the TIO platform has been restored.

“At this point, TIO cannot provide a timeline for restoring bill pay services, and continues to recommend that you contact your biller to identify alternative ways to pay your bills,” TIO stated in a Frequently Asked Questions (FAQ) page about the data breach.

PayPal isn’t the first organization this year to buy a company and find out post-close that there was a data breach. On Sept. 18, security firm Avast publicly disclosed that Piriform and its popular CCleaner tool were the victims of a data breach. The Piriform breach occurred prior to Avast acquiring Pirifom in July 2017, though neither company was apparently aware of the breach until September.

“I don’t have inside knowledge here, but based on the telemetry from the outside it seems they (PayPal) found this out after closing their deal to acquire TIO,” Jonathan Sander, CTO, STEALTHbits Technologies told eWEEK. “PayPal did all the right things once they knew about the breach it seems, but one thing they maybe could have done was bring security to the table during the acquisition process itself.”

Sander added that corporate board rooms are learning lessons slowly about how bad security posture translates to reputation damage and ultimately impacts the bottom line.

“One area that has yet to incorporate security fully is the corporate development specialists doing M&A work—and that’s most places, not specifically PayPal,” he said.

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.