In July 2017, PayPal acquired the payment processor company called TIO Networks. In early December, PayPal suspended TIO's operations after a review of TIO’s network identified a potential security breach of personally identifiable information for approximately 1.6 million customers.
The compromised data included bank account information, payment card information, passwords and usernames for accounts and Social Security numbers.
The TIO computer network was kept segregated from PayPal’s, so PayPal systems were not compromised. However the event represented a public relations issue for Paypal who were keen to avoid PayPal and data breach appearing in the same sentence.
The case provides a good lesson on quarantining new systems during acquisitions until fully vetted in order to prevent a data breach from spreading across company systems.
Want to discuss this case? We're offering a FREE 20 minute phone consultation to discuss this case and the implications it has for your organisation. Just select the time and date that works for you:
If you'd rather we did the heavy lifting in developing a cyber incident response plan or lessons learnt training for your organisation underpined by our unique insight into the challenges faced and strategies implemented by organisations countering today's cyber security threats then please contact us here.