PayPal reports Data Breach Affects 1.6M TIO Customers
In an effort to expand its operations, PayPal Holdings, Inc. acquired TIO Networks, a multi-channel bill payment processor that serves over 16 million accounts, in July 2017 for $238 million. However, on November 10, PayPal abruptly announced that it was suspending operations of its new acquisition. The company admitted to a security breach but provided no further explanation.
On December 1, PayPal issued a press release outlining the details of the incident. During their review, they identified a potential compromise that puts personal identifiable information of over 1.6 million customers at risk. An ongoing investigation revealed evidence of unauthorized access to TIO’s network that stores the information of TIO customers and customers of TIO billers. According to a spokeswoman, the possibly accessed data includes names, addresses, bank account details, Social Security numbers and credentials of users who pay bills with TIO.
The TIO website site has currently been replaced with a detailed guide for its customers, highlighting the significance of the incident. Notifications are already going out to potentially affected users, and PayPal is offering free credit monitoring services for those in need.
Mitigation and Solutions
This breach echoes the major Equifax breach just earlier this year. The credit reporting agency lost control of millions of records, and all customers were advised to err on the side of caution. Although there are significantly less TIO customers affected, the same precautions apply:
- Be aware of the effects of stolen information. PII can be used to open a bank account, and even apply for a loan or a mortgage.
- Be careful of Social Security number scams. Criminals can use your SSN, name, and address to defraud banks and government organizations. They can also steal your Social Security benefits and receive medical care under your name. A stolen SSN can impact your life for years.
- Be careful of phishing schemes and fake websites. Criminals use trending news to bait users, and craft fake headlines in phishing emails to push users into opening malicious links. They also set up fake “support” websites that look very similar to legitimate ones.
The versatility of PII allows cybercriminals to get creative with their actions, and users should be prepared. Trend Micro offers solutions to combat phishing and fake websites. Trend Micro™ Maximum Security provides multi-device protection so that users can freely and safely go about their business in the digital world. Maximum Security also includes ransomware protection, blocks malicious links in email and IM, and provides anti-spam filters as well as effective anti-phishing features.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
- Ransomware Spotlight: TargetCompany
- Email Threat Landscape Report: Cybercriminal Tactics, Techniques That Organizations Need to Know
- Preventing an Imminent Ransomware Attack With Early Detection and Investigation
- Inside the Halls of a Cybercrime Business
- Securing Cloud-Native Environments with Zero Trust: Real-World Attack Cases