A Data Breach That Could Have Affected Tallahassee Utility Customers
Latest news is that a data breach that has happened to an outside vendor, a company that served as a payment processor, could have affected lots of utility customers in Tallahassee city.
Tripwire.com reports- “Tallahassee Treasurer Clerk Jim Cooke is warning that a breach at TIO Networks, a company used by Florida’s capital to help people pay their bills, might have affected an untold number of utility customers in the area. He estimates that about 10 percent of local utility customers use remote locations to pay their bills. Even so, it’s difficult to hone in on who exactly might be victims of the incident.”
The breach came to light when, in mid-November last year, PayPal Holdings, Inc. announced its decisions to suspend operations of TIO Networks. Business Wire had reported- “As announced on November 10, PayPal suspended the operations of TIO to protect customer data as part of an ongoing investigation of security vulnerabilities of the TIO platform. This ongoing investigation has identified evidence of unauthorized access to TIO’s network, including locations that stored personal information of some of TIO’s customers and customers of TIO billers. As a result, PayPal is taking steps to protect affected customers.”
Reports indicated the identification of a potential compromise of personal information of about 1.6 million customers; this reportedly included customers’ names, addresses, and banking information.
TIO Networks also came up with a notice about the data breach, which said- “TIO Networks was acquired by PayPal Holdings, Inc. (“PayPal”) on July 18, 2017. On November 10, TIO’s operations were suspended after the discovery of security vulnerabilities in its systems. The investigation to date has uncovered evidence of unauthorized access to the TIO network, including locations that stored personal information of some of TIO’s customers and customers of the companies that TIO services. We have no proof, however, that your data was accessed, acquired, or misused. The PayPal platform, which is separate from the TIO network, is not impacted by this situation in any way and PayPal’s customers’ data remains secure.”
The notice also explains as to what kind of information could be affected- “Although we have no proof that your data was accessed, acquired, or misused, we are notifying you in an abundance of caution because the TIO servers involved in this incident stored data such as customer names, contact information, and subscriber/billing account numbers. The TIO systems also stored personal information such as payment card information, bank account information, Social Security and other government identification numbers, and account usernames and passwords.”
TIO Networks has clarified that customers who have been impacted due to the data breach might include customers who had used TIO’s web application (www.tio.com) or retail kiosks, or had used TIO’s services to pay for services from certain companies (the list of companies has been given in the release).
TIO is doing all that is needed to handle the situation. Says the TIO release- “We sincerely regret this incident and are working hard to protect you and your personal information. In addition to suspending its services, TIO contacted the appropriate law enforcement and other authorities, and has brought in outside cybersecurity experts to investigate…We are also providing you with one year of complimentary identity protection that includes credit monitoring, identity theft insurance, and assistance with combating identity theft and fraud should any be detected.”
Kevin Jones951 Posts
Kevin Jones, Ph.D., is a research associate and a Cyber Security Author with experience in Penetration Testing, Vulnerability Assessments, Monitoring solutions, Surveillance and Offensive technologies etc. Currently, he is a freelance writer on latest security news and other happenings. He has authored numerous articles and exploits which can be found on popular sites like hackercombat.com and others.