- An unrevealed number of ‘General Electric’ employees and beneficiaries have been exposed.
- The security incident occurred in the systems of one of GE’s contractors, “Canon Business Process Services.”
- The exposed data is highly sensitive, so the compromised individuals are given two years of identity protection.
‘General Electric’ (GE), the multinational technology giant, is circulating notices of a data breach to its current and former employees as well as their beneficiaries. This happens to inform them that their sensitive personal data may have been exposed after a hacker attacked “Canon Business Process Services,” one of GE’s workflow routing contractors. The company has clarified that no systems of General Electric are involved in this incident, so there are no corporate secrets breached or any other crucial business information that has been accessed by unauthorized users.
Canon determined that someone accessed the aforementioned documents on February 28, 2020, and notified General Electric immediately. The hacker compromised an employee’s email account and roamed the systems of the firm between February 3 and February 14, 2020. The documents that were accessed and potentially even exfiltrated contain the following information:
- Direct deposit forms
- Driver’s licenses and numbers
- Social Security numbers
- Passports and numbers
- Birth certificates
- Marriage certificates
- Death certificates
- Medical child support orders
- Tax withholding forms
- Beneficiary designation forms and applications for benefits such as retirement
- Severance and death benefits with related forms and documents
Being the corporate giant that they are, ‘General Electric’ employs 205,000 people in 180 countries. If we also account for the number of beneficiaries, this incident may have exposed the sensitive personal data of up to half a million people, or even more. However, since GE doesn’t provide any numbers, the above are just assumptions. Canon may have managed the documents of a subcategory of GE’s employees, or only of those who reside in the United States.
While the forensic investigation is underway, those who may have been exposed by this incident are urged to call ‘1-877-322-8228’ to order a free credit report, and then call ‘1-800-432-3450’ to address their questions to GE. If this incident has exposed you, you will be eligible for enrolling in a 24-month identity protection program and credit monitoring service by Experian, free of charge. Each letter of data breach notice has instructions on how to register and also an activation code for the service. Just note that you have until June 30, 2020, to enlist in the program.
We have seen a similar security incident disclosed by RailWorks Corporation recently. If this one is anything like the one mentioned, the attack to Canon may have involved the use of ransomware combined with data exfiltration for sustained extortion.