PayPal says that one of the companies it recently acquired suffered a security incident during which an attacker appears to have accessed servers that stored information for 1.6 million customers.
The victim of the security breach is TIO Networks, a Canadian company that runs a network of over 60,000 utility and bills payment kiosks across North America. PayPal acquired TIO Networks this past July for $238 million in cash.
On November 10, PayPal suspended the operations of TIO's network. The company admitted that a security breach took place, but did not provide any other details.
In a press release published in a late Friday afternoon news dump, PayPal provided more details about the incident.
PayPal says the intruder(s) got access to the personal information of both TIO customers and customers of TIO billers. The company did not reveal what type of information the attacker accessed, but since this is a payment system, attackers most likely obtained both personally-identifiable information (PII) and financial details.
As data breach laws impose, PayPal has now started notifying customers and is offering free credit monitoring memberships. TIO users can also visit the TIO Networks website for more details.