In July 2017, PayPal acquired the payment processor company called TIO Networks. In early December, PayPal suspended TIO's operations after a review of TIO’s network identified a potential security breach of personally identifiable information for approximately 1.6 million customers.
The compromised data included bank account information, payment card information, passwords and usernames for accounts and Social Security numbers.
The TIO computer network was kept segregated from PayPal’s, so PayPal systems were not compromised. However the event represented a public relations issue for Paypal who were keen to avoid PayPal and data breach appearing in the same sentence.
The case provides a good lesson on quarantining new systems during acquisitions until fully vetted in order to prevent a data breach from spreading across company systems.
Want to discuss this case? You can purchase a 30 minute conference call with our analysts to discuss this case and the implications it has for your organisation. Just select the time and date that works for you: