Paysafe has revealed that 7.8m customer records were leaked in breaches that occurred in 2009 and 2010.
The company, which largely services online gambling firms, said in a statement to the London Stock Exchange: "The illegally-obtained data in the hands of third parties relates to limited account details from 3.6m NETELLER accounts and basic personal details relating to 4.2m Skrill accounts."
It said that fewer than 2% of the accounts were active in the six months up to 1 November 2015, and the data involved does not include passwords, card data or bank account information. It also brought in a major accounting firm, which verified the findings of its investigation.
A source close to the company told CBR that the regulator, then the Financial Services Authority (FSA,) was informed at the time of the breach at the time, and that monitoring was updated, and that the firm continues to invest in cyber security.
The breach was not made public at the time. The company was previously known as Optial Payments.
The attack on Neteller was done through a vulnerability in the popular Joomla content management system. The Moneybookers (now known as Skrill) breach involved a VPN being hacked, giving access to a transaction database.
As with the VTech breach, security expert security expert Troy Hunt made the information public, having found the databases out in the wild. He brought the information to Forbes.com, and uploaded the data to his Have I be Pwned website.
