Duke Energy says some 370,000 customers may have had some of their personal information compromised after a vendor that processes payments made to Duke at walk-in stores was apparently hacked.
In a statement, the VP of Revenue Services for Duke Energy, Lesley Quick, said "This TIO Networks issue has possibly and unfortunately affected some of our customers, and we are doing all we can to help".
The ongoing investigation uncovered evidence of unauthorised access to TIO's network, including locations that stored personal information of some of TIO's customers and customers of TIO billers.
PayPal announced the suspension of TIO Networks' operations in November due to its "discovery of security vulnerabilities on the TIO platform and issues with TIO's data security program that do not adhere to PayPal's information security standards".
It stressed that no PayPal data has been compromised as its systems are completely separate from TIOs and that it had started contacting those who may have been affected.
PayPal paid $233 million in cash to acquire TIO Networks in July this year. It is also working with consumer credit reporting agency Experian to provide free credit monitoring memberships.
PayPal launched an internal investigation into the newly-acquired firm's business and hired a third-party cyberforensics company to review the TIO bill payment platform after suspending operations, revealing the data breach. "We will continue to communicate important updates to customers", TIO added.