PayPal has “identified a potential compromise of personally identifiable information for approximately 1.6 million customers.”
The good news ist that PayPal is not to blame for the likely leak. Fault can instead be ascribed to TIO Networks, a Canadian payments outfit that PayPal paid US$233m to acquire in February 2017.
That deal closed in July 2017 and PayPal has since reviewed TIO's systems and turned up problems that saw it suspend TIO's operations on November 10th, 2017.
TIO's canned statement stated those efforts “uncovered evidence of unauthorized access to TIO’s network, including locations that stored personal information of some of TIO’s customers and customers of TIO billers.”
The company has not yet contacted all customers, billers and retailers affected by the leak, but has said it's trying to do so as fast as possible.
In the interim, customers have been offered free credit checks and identity theft insurance. TIO's FAQ also delivered the bad news that users have some administrivia to do:
At this point, TIO cannot provide a timeline for restoring bill pay services, and continues to recommend that you contact your biller to identify alternative ways to pay your bills. We sincerely apologize for any inconvenience caused to you by the disruption of TIO’s service.
“We will continue to communicate important updates to customers,” TIO promised in its canned statement. ®