Pierluigi Paganini March 24, 2020

General Electric (GE) s a data breach that exposed personally identifiable information of current and former employees, as well as beneficiaries.

The technology giant General Electric (GE) disclosed a data breach that exposed personally identifiable information of current and former employees, as well as beneficiaries. The data breach was caused by a security breach suffered by one of GE’s service providers, Canon Business Process Services.

General Electric Company (GE) is an American multinational conglomerate that operates in aviation, healthcare, power, renewable energy, digital industry, additive manufacturing, venture capital and finance, and lighting industries.

Today GE ranked among the Fortune 500 as the 21th-largest firm in the U.S. by gross revenue.

“We are aware of a data security incident experienced by one of GE’s suppliers, Canon Business Process Services, Inc. We understand certain personal information on Canon’s systems may have been accessed by an unauthorized individual.” reads the statement sent by GE to BleepingComputer. “Protection of personal information is a top priority for GE, and we are taking steps to notify the affected employees and former employees.”

The company confirmed that one of their employees’ email accounts breached by an unauthorized party in February.

“We were notified on February 28, 2020 that Canon had determined that, between approximately February 3 – 14, 2020, an unauthorized party gained access to an email account that contained documents of certain GE employees, former employees and beneficiaries entitled to benefits that were maintained Canon’s systems,” reads the data breach notification filed with the Office of the California Attorney General and published by BleeringComputer.

“Canon has indicated that the affected documents, which contained certain personal information, were uploaded by or for GE employees, former employees and beneficiaries entitled to benefits in connection with Canon’s workflow routing service.”

Personal information contained in documents such as direct deposit forms are driver’s licenses, passports, birth certificates, marriage certificates, death certificates, medical child support orders, tax withholding forms, beneficiary designation forms and applications for benefits such as retirement, severance and death benefits with related forms and documents, may have included names, addresses, Social Security numbers, driver’s license numbers, bank account numbers, passport numbers, dates of birth, and other information contained in the relevant forms.

The security breach did not impacted systems at GE, the company is working with canon to determine the extent of the incident and identify the impacted GE employees, former employees and beneficiaries.

Canon offers identity protection and credit monitoring services to impacted people for two years through Experian.

GE has also set up support a dedicated line to support the affected.

Pierluigi Paganini

(SecurityAffairs – General electric, data breach)

[adrotate banner=”5″]

[adrotate banner=”13″]