Duke Energy officials said customers whose info may have been accessed will receive instructions from TIO on how to register for one year of complimentary credit monitoring. "As a result, PayPal is taking steps to protect affected customers".
Now it has been revealed that personally identifiable information for approximately 1.6 million customers of TIO Networks - a payment processor acquired by PayPal barely five months ago - may have been compromised.
The third-party vendor in question is TIO Networks' Global Express, which was recently acquired by PayPal.
Mosier said personal information that may have been compromised includes, name, address, Duke Energy account number, account balance and banking information, if the customer paid by check.
TIO's platform, thankfully, has not been integrated into PayPal's business, which means users of the latter have not been impacted by the latest disclosure.
'At this point, TIO can not provide a timeline for restoring bill pay services and continues to recommend that you contact your biller to identify alternative ways to pay your bills.
The company suspended operations in November while PayPal, which only bought TIO for $238 million back in July, investigated the vulnerabilities of the platform. While PayPal said it has not found actual proof that data was stolen, it found enough evidence to treat the vulnerability as a data breach. It added that TIO's services "will not be fully restored until we are confident in the security of the TIO systems and network". We sincerely apologise for any inconvenience caused to you by the disruption of TIO's service, ' said TIO Networks in a statement.