When Due Diligence fails – 5 examples where gaps were overlooked during acquisitions

January 2020 | Article


Companies have always leveraged mergers and acquisitions to grow their business, explore new synergies and capture more market share. As a result, the company that you merge with or acquire has a vital role to play in the success and longevity of your business, and its value to shareholders and consumers.

When entering a union such as this, it’s important to make sure that the company you are partnering with is a good fit. To do this, it is natural to hire an external agency to conduct due diligence on the target company, analyzing it for weaknesses and highlighting any opportunities that may arise. When due diligence is conducted correctly, the marriage tends to be blissful. Conversely, improperly conducted due diligence could potentially lead to a messy breakup.

We look at eight examples where poor due diligence had resulted in challenges for the acquiring company.

1. Symantec and Lifelock (2017)

Symantec      Lifelock

Symantec completed its acquisition of identity theft protection company Lifelock on 9th February 2017. Symantec paid $2.3 billion for the then-12-year old company, stating that the acquisition allowed them to provide more comprehensive digital safety solutions to its consumers. The acquisition would also allow consumers to use a single provider for protection services for their digital lives. Lifelock had at this time established itself as a reputable service provider, and boasted over 4.5 million customer accounts, and all parties expected the acquisition to only add to Symantec’s reputation.

In July 2018, security expert Brian Krebs reported that Lifelock had inadvertently exposed its customers to additional attacks from identity thieves and phishers. According to Krebs’s report, the Lifelock website had a vulnerability on its site that allowed anyone to use exposed subscriber keys to index email addresses associated with customer accounts, potentially exposing millions of customers. Shortly after Krebs notified Symantec, the site was taken down and the vulnerability fixed, with a statement saying that they have no indication of any suspicious activity.

Up till this point, Lifelock had been considered the gold-standard of digital identity protection, with companies such as Equifax that had faced data breaches offering affected parties free subscription to the service. Having this basic vulnerability exposed did serious damage to the company’s reputation, casting doubts on its raison d’être.

The larger question, though, is why didn’t Symantec, a security leader in its own right, identify this hole in Lifelock’s security during its acquisition? If Symantec had conducted proper IT due diligence, or recruited a firm that specializes in technical due diligence, this loophole could have been easily identified and corrected behind closed doors.

2. PayPal and Tio Networks (2017)

PayPal logo          Tio Networks logo

PayPal acquired Tio Networks for almost $240 million in late 2017. TIO Networks, a cloud-based bill payments processor whose clients included major utility, wireless, and cable companies in North America, was expected to add value to PayPal’s growing portfolio by integrating its vast network of bill payment services into the PayPal platform.

However, soon after the acquisition went through, PayPal suspended the operations of the network as it had uncovered evidence that a data breach. Almost 1.6 million Tio customers may have had their information – including personally identifiable information – leaked through a vulnerability in the Tio platform. Luckily, PayPal had not integrated the Tio systems into its own network, thereby limiting the damage to only existing Tio customers. PayPal offered affected customers free credit monitoring services from Experian.

While in this case PayPal had uncovered the ‘hole’ in Tio’s security system on their own, they only discovered this during their examination of the platform after the acquisition went through. A due diligence partner – especially one with expertise in fintech and payments – would have conducted a thorough IT assessment of the network and its infrastructure early in the process. This could have allowed both PayPal and Tio Networks the opportunity to address the issue on their own terms, and possibly limit the impact on their customers.

3. HP and Autonomy (2011)

Autonomy logo       HP Logo

In 2011, HP acquired Autonomy for $11.1 billion with a premium of almost 80% over market price, a price that was widely criticized. Soon after – in just a single year – HP wrote off $8.8 billion of Autonomy’s value, claiming that this was due to improprieties and misrepresentation by the Autonomy management. A bitter mudslinging contest ensued in civil courts, with both parties placing blame squarely on the other’s shoulders. While the case has yet to conclude on who is to blame, HP sold its Autonomy assets in 2017 to Micro Focus as part of a larger deal.

While HP had hired a commercial due diligence partner to analyse Autonomy’s books, the partner was unable to complete its checks before the announcement of the acquisition. HP nevertheless chose to go ahead with the acquisition in a bid to quickly cement its position. Could this story have gone a different way if the partner had been given the time to complete their commercial due diligence? Would a competent firm be able to identify the kind of impropriety that HP alleges Autonomy’s leadership had done? While we may never know what could have been, as experts in commercial due diligence, we are certain that the data would have provided a clearer picture on Autonomy’s business practices, allowing for HP to make a more informed decision, had the due diligence been successfully completed in time.

4. Cisco and Pure Digital (2009)

Flip Video logo       Cisco logo

In May 2009, Cisco paid almost $600 million to acquire Pure Digital. At the time, Pure Digital was an industry leader in the HD digital camera space. Pure Digital’s Flip HD digital camera was extremely popular with consumers, and Cisco seemed keen on entering the consumer electronics market, so this marriage – while raising a few eyebrows – was expected to be part of a larger strategy that would pay off.

However, in just two short years, Cisco announced that, while it was expanding its consumer business, the Flip would no longer be a part of it, effectively shutting the operations down. Why? In 2011, smartphones with built-in cameras were growing rapidly, and the difference in quality between the smartphone camera and the Flip was shrinking fast. Cisco evidently misread the market and did not correctly gauge which direction the wind was blowing.

Expert due diligence firms do a comprehensive market analysis to better assess the growth opportunities connected to the acquisition. A commercial due diligence partner with expertise in the field would be able to flag any threats on the horizon and empower the acquirer with the information needed to make a well-informed decision and plan their strategy accordingly.

5. Bank of America and Countrywide (2008)

Bank of America logo       Countrywide logo

In another example of an acquiring company misreading the times, and making a questionable investment, Bank of America (BofA) spent $4 billion in acquiring mortgage lender Countrywide in 2008. BofA was clearly betting big on the housing bubble of 2008 and were therefore ill-equipped to handle its inevitable burst.

Considering that this acquisition ended up costing BofA about $40 billion in penalties and real estate losses associated with Countrywide’s lending practices, it’s safe to say that, in its enthusiasm to hop on the bandwagon, BofA did not do thoroughly vet Countrywide’s business. The advantage of hiring an external partner to conduct commercial due diligence for you is that they can dispassionately and objectively assess the situation and provide you with a clear report highlighting strengths, weaknesses, opportunities and possible threats.

At Penser, we have developed the industry expertise to be able to provide our clients with the guidance they need to make informed decisions in the banking and payments sector. Through our commercial due diligence and technical due diligence services, we provide clear, comprehensive reports that outline the strengths and weaknesses of the target company.

If you’d like to learn more about our due diligence services, request a sample report by clicking here.

We also provide consulting services in strategic planning and digital transformation. Find out more by visiting our services page.