Data of 1.6 million customers breached at Canadian utility and bills payment kiosk provider


In July 2017, PayPal acquired the payment processor company called TIO Networks. In early December, PayPal suspended TIO's operations after a review of TIO’s network identified a potential security breach of personally identifiable information for approximately 1.6 million customers.

The compromised data included bank account information, payment card information, passwords and usernames for accounts and Social Security numbers.

The TIO computer network was kept segregated from PayPal’s, so PayPal systems were not compromised. However the event represented a public relations issue for Paypal who were keen to avoid PayPal and data breach appearing in the same sentence.

The case provides a good lesson on quarantining new systems during acquisitions until fully vetted in order to prevent a data breach from spreading across company systems.

Book a consultation

Want to discuss this case? You can purchase a 30 minute conference call with our analysts to discuss this case and the implications it has for your organisation. Just select the time and date that works for you:


  • Paypal Holdings Inc.

We've done the analysis so you can make the decisions

When purchasing a minimum of 5 Case Studies
$699.99 if buying less than 5.

  • Detailed cause & effect analysis
  • Lessons learnt catalogued
  • Preventive controls extracted
Add to Cart
Heads up! Want to try before you buy? You can download our FREE demo case study here