On December 1, PayPal disclosed that an ongoing investigation into identify security vulnerabilities identified a data breach that may have compromised personally identifiable information for roughly 1.6 million customers at a payment processing company PayPal acquired earlier this year (TIO Networks). According to PayPal, it found evidence of unauthorized access to TIO's computer network, including some portions where the personal information of TIO's customers was stored. PayPal has stated that its own platform "is not impacted in any way, as [TIO's] systems are completely separate from the PayPal network, and PayPal's customers' data remains secure." TIO has begun notifying those potentially impacted by the security issue, and PayPal has signed up credit reporting agency Experian to provide free credit monitoring (12 months for all affected individuals and 24 months for those whose social security number was impacted) and identity theft protection to customers who have been verified as victims. View PayPal's press release on the breach here.
Check out our series, Privacy Perils, to learn what steps you can take to guard your personal and company data. For more information about this topic and other cyber security concerns, please contact Bob Brewer, Tony McFarland, Elizabeth Warren or a member of our Privacy & Data Security team.