In July 2017, PayPal bought TIO Networks for $238 million. In November, the company suspended operations of the newly acquired company to investigate security vulnerabilities. Now, PayPal has announced that the personally identifiable information of up to 1.6 million people may have been exposed.

According to a PayPal press release, an “ongoing investigation has identified evidence of unauthorized access to TIO’s network, including locations that stored personal information of some of TIO’s customers and customers of TIO billers.”

Bradley Barth from SC Media reports that it’s uncertain if the timing of the original data breach happened before or after the purchase of TIO. Quoting a company spokesperson, Barth writes “the company ‘found enough evidence of potential exposure to treat this incident as a data breach’ and alert the authorities and relevant parties.”

Read the full story at SC Media.