General Electric Discloses Data Breach Affecting Present and Former Employees

April 9, 2020

General Electric (GE), a global Fortune 500 company, has acknowledged a data breach affecting present and former employees and their beneficiaries. Between February 3-14, 2020, an unauthorized user gained access to the email account of Canon Business Process Services, which GE contracts with to process employee documents.

According to GE, exposed sensitive documents include divorce, death, and marriage certificates, beneficiary information, support orders, as well as direct deposit and tax withholding forms. Additionally, driver’s licenses, passports, Social Security numbers, and banking account numbers were revealed.

GE was informed February 28 and has notified potential victims. It is unclear if GE is the only affected customer at this time.

After learning of the issue, GE quickly began working with Canon to identify the affected GE employees, former employees and beneficiaries. "We understand that Canon took steps to secure its systems and determine the nature of the issue. Canon also retained a data security expert to conduct a forensic investigation, " reads the disclosure.

GE systems, including personal information in their systems, have not been affected by the Canon data security incident, claims GE. In addition, at GE's request, Canon is offering identity protection and credit monitoring services to affected individuals for two years at no cost to through Experian.

With the advent of Internet of Things (IoT) technology and Industrial Internet of Things (IIoT), the cyber security practices are increasingly getting integrated with the physical security practices.

We will provide insight on NDAA Section 889 and how the act has evolved and impacted business, so that organizations can better mitigate risk and stay compliant.