TIO operations suspended shortly after acquisition
In July 2017, PayPal (PYPL) acquired bill payments processor TIO Networks for $238 million. About four months later, PayPal suspended TIO’s operations. Of course, suspending operations was not what PayPal intended to do when it spent millions to own the business. There was a problem.
Shortly after it acquired TIO, PayPal discovered that TIO’s data security program fell short of its data security requirements. PayPal also noted security vulnerabilities on TIO’s platform. So it took measures to suspend TIO’s operations to protect customer information while it looks into the vulnerabilities.
1.6 million accounts likely breached
In December 2017, PayPal issued an update on the situation of TIO Networks operations, saying the suspension of operations was still on and that its investigations had revealed that the personally identifiable information for about 1.6 million customers may have been compromised. TIO supports about 16 million customer accounts.
PayPal’s probe of the security situation of TIO’s platform is continuing. For the accounts suspected of being compromised, PayPal is working with a credit reporting agency to provide free credit monitoring for the affected customers.
PayPal didn’t disclose how much it’s paying for the credit monitoring service for TIO customers. Dealing with the data breach problem could lead to unexpected expenses, which could hit PayPal’s bottom line if they’re significant.
Why did PayPal get involved with TIO? The acquisition of TIO was viewed as part of PayPal’s push to provide comprehensive financial services as it fights off competition from Square (SQ), Amazon (AMZN), and LendingClub (LC) in the payments and lending markets.
PayPal processed 2.2 billion transactions in 4Q17, a 25% rise year-over-year.