Breach at PayPal Subsidiary Affects 1.6 Million Customers

银行卡复制器网上公开出售,刷卡一定要在视线内,留意收银员的刷卡次数。短信提醒有异动,可就近刷卡作证据。
PayPal informed customers on Friday that personal information for 1.6 million individuals may have been obtained by hackers who breached the systems of its subsidiary TIO Networks.
TIO is a publicly traded bill payment processor that PayPal acquired in July 2017 for roughly $230 million. The company is based in Canada and it serves some of the largest telecom and utility network operators in North America. TIO has more than 10,000 supported billers and it serves 16 million consumer bill pay accounts.
On November 10, PayPal announced that TIO had suspended operations in an effort to protect customers following the discovery of security vulnerabilities on the subsidiary’s platform. PayPal said it had found issues with TIO’s data security program that did not adhere to its own standards.
An investigation conducted in collaboration with third-party cybersecurity experts revealed that TIO’s network had been breached, including servers that stored the information of TIO clients and customers of TIO billers. PayPal said the attackers may have obtained personally identifiable information (PII) for roughly 1.6 million customers.
Affected companies and individuals will be contacted via mail and email, and offered free credit monitoring services via Experian.
While it’s unclear exactly what type of data the hackers have gained access to, the information shared by PayPal and TIO suggests that payment card data and in some cases even social security numbers (SSNs) may have been compromised.

PayPal has highlighted that TIO’s systems have not been integrated into its own platform. “The PayPal platform is not impacted in any way, as the TIO systems are completely separate from the PayPal network, and PayPal’s customers’ data remains secure,” the company said.
The New York State Department of Financial Services (DFS), an agency responsible for regulating financial services and products, has also issued a statement on the incident.
“DFS is working with our regulated entity, PayPal, to investigate and address issues related to cybersecurity vulnerabilities identified at PayPal’s subsidiary, TIO Networks,” the DFS said. “We applaud PayPal’s rapid response to the matter, which put consumers and business clients first, and we appreciate their efforts to inform DFS, as required, in a timely manner. Events like these illustrate the necessity of DFS’s landmark cybersecurity regulation and underscore the strength and effectiveness of our strong state-based financial services regulatory framework, including for the fintech industry.”
TIO said services will not be fully restored until it’s confident that its systems and network are secure.
Related: TrickBot Targets Payment Processors, CRM Providers
Related: 320,000 Financial Records Apparently Stolen From Payment Processor
网络安全法视频宣传片 第二集 国家网络安全的现状与重要性概述
近年来Web应用安全漏洞是最大的安全危险,占已知漏洞总数的50%以上,除了软件固有的漏洞需要及时修补之外,重要的防范措施是写出安全的代码,包括设置严格的访问权限。

猜您喜欢

人人需知的互联网金融信息安全基础
网络信息安全实验与竞赛平台
网络安全法普法宣传 004《网络安全法》的突出亮点
李亚鹏新恋情疑曝光 与靓妹街头亲密挽手
ATLANTISTELECOM JEWELRYLOAD
安全沟通门户建设