PayPal’s TIO Networks Hit With Data Breach

December 6, 2017         By: Steven Anderson

Another day, another data breach; it’s not just a pithy commentary about the nature of our interconnected society and the role of data and mobile payments therein. Increasingly, it’s an accurate description of the news cycle in general. This data breach happened to PayPal’s TIO Networks unit, an operation devoted to digital bill payment tools and retail store kiosks.

The TIO Networks breach may have impacted as many as 1.6 million users, and PayPal discovered the breach during a closer examination of TIO Networks’ current vulnerabilities. The examination revealed not only vulnerabilities but vulnerabilities that may have already been taken advantage of, with user information potentially compromised.

It’s unclear just how far the problem went, with information affected ranging from publicly-available material like names and addresses to potentially disastrous information like bank account data and Social Security numbers.

The extent of what actually reached the criminal element, meanwhile, depends largely on just how many of TIO’s services were used. One service apparently had all customer data exposed, but not much was taken beyond TIO.

PayPal originally picked up TIO back in July, planning to use it as a means to reach customers who weren’t involved in traditional accounts. PayPal spent around $238 million to acquire the company, and now will shell out even more as it’s set to offer Experian credit monitoring services at no charge to affected users.

It’s a major problem for anyone who used TIO services, but at least PayPal is on top of the problem and offering a reasonably appropriate response. It’s told users quickly, it’s currently working with the New York State Department of Financial Services on investigations, and it’s offering credit monitoring services to hopefully ameliorate the worst of potential problems that could hit as a result.

It’s impossible to prevent all data breaches. Those who would actually perpetrate such things are constantly working on new tools and methods to stage breaches, and it’s impossible for the targeted systems to protect accordingly. Of course, there are some ways to better ensure protection, like encrypting data instead of just relying on perimeter defenses to protect unencrypted data from outside access. ¬†Still, we learn from mistakes, and as our systems improve, we may well one day reach a day when data breaches are rare and easily addressed.