Technology service provider General Electric (GE) is a recent victim of a data breach that exposed personal data of thousands of its former and current employees. According to the official statement, the data breach occurred at Canon Business Process Services Inc., a service provider of GE, which is responsible for processing GE’s documentation on current employees, former employees, and beneficiaries entitled to benefits. The breach occurred when an unauthorized party gained access to one of Canon’s employees email account that contained documents of GE employees that were maintained on Canon’s systems.
Massive Data Exposed
The sensitive information obtained by the unauthorized party includes names, addresses, Social Security numbers, passport numbers, driver’s license numbers, bank account numbers, dates of birth and other information of GE employees and their beneficiaries. According to Canon, the other documented information that exposed in the incident includes direct deposit forms, driver’s licenses, passports, birth certificates, marriage certificates, death certificates, medical child support orders, tax withholding forms, beneficiary designation forms and applications for benefits such as retirement, severance and death benefits with related forms and documents.
The company stated the identity of the hackers is unknown and there is no sign of any misuse of the data at present. GE also clarified that personal information in its systems has not been affected due to the Canon data security incident.
However, cybercriminals do take advantage of stolen data for phishing attacks, identity theft incidents, or selling it on hacker forums. GE stated that Canon will be offering free identity protection and credit monitoring services to the affected employees.
“After learning of the issue, we quickly began working with Canon to identify the affected GE employees, former employees and beneficiaries. We understand that Canon took steps to secure its systems and determine the nature of the issue. Canon also retained a data security expert to conduct a forensic investigation,” the company said in a statement.