PayPal says it has identified a potential compromise of personally identifiable information for approximately 1.6 million customers of TIO Networks, the bill payment platform it acquired for $233 million in July.
PayPal suspended the operations of TIO in November, after discovering a number of unidentified security vulnerabilities and initiating an internal investigation to review the platform.
In an update on progress, PayPal says the ongoing investigation has identified evidence of unauthorised access to TIO’s network, "including locations that stored personal information of some of TIO’s customers and customers of TIO billers".
Acquired as part of PayPal's strategy for driving financial inclusion, TIO services a network of 900 bill-pay kiosks, 10,000 billers, and some 65,000 walk-in locations.
While the suspension of service has left TIO billers afloat, the ultimate outcome may be even more damaging should PayPal decide to unwind the purchase. The firm confirms that a line of inquiry includes a review of "TIO’s practices and representations prior to the acquisition".