TIO Networks was acquired by PayPal in July in a deal put at US$238 million.
A statement from PayPal said its own platform was not affected by the breach.
Operations at TIO were suspended on 10 November as part of an ongoing investigation of security vulnerabilities on the platform.
"TIO has begun working with the companies it services to notify potentially affected individuals.
"We are working with a consumer credit reporting agency to provide free credit monitoring memberships. Individuals who are affected will be contacted directly and receive instructions to sign up for monitoring.
"We greatly appreciate the support of our billing partners, retailers, agents and consumers during this time. We will continue to communicate important updates to customers."