Tech giant General Electric has become the latest victim of a massive data breach, exposing the personal information of its current and former GE employees, as well as their beneficiaries.
In a notice of data breach filed with the Office of the California Attorney General, the technology and financial services company said that one of its service providers, Canon Business Process Services, had one of its employee email accounts breached by an unauthorized party between Feb 3 and Feb 14.
"We were notified on February 28, 2020, that Canon had determined that, between approximately February 3 - 14, 2020, an unauthorized party gained access to an email account that contained documents of certain GE employees, former employees and beneficiaries entitled to benefits that were maintained on Canon’s systems,” GE explained in the notification.
Among the personal information affected by the breach included “the direct deposit forms, driver’s licenses, passports, birth certificates, marriage certificates, death certificates, medical child support orders, tax withholding forms, beneficiary designation forms and applications for benefits such as retirement,” as well as “severance and death benefits with related forms and documents,” the company reported.
In addition to these, relevant forms that have been compromised may also have contained names, addresses, social security numbers, driver’s license numbers, bank account numbers, passport numbers, and birth dates of the affected individuals.
GE, however, clarified that none of its direct systems has been affected by the recent security incident that impacted Canon. However, the tech giant acknowledged it is currently taking preventative measures to avoid a similar incident from happening.
After learning about the issue, the company said it had worked closely with Canon to determine the people affected by the breach.
“We understand that Canon took steps to secure its systems and determine the nature of the issue. Canon also retained a data security expert to conduct a forensic investigation,” it continued.
To date, GE assured that it is taking its obligation to protect the personal information of its employees very seriously and has encouraged victims to remain vigilant by keeping a strict track on account statements and credit reports.
“At our request, Canon is offering identity protection and credit monitoring services to affected individuals for two years at no cost to you through a company called Experian. The attached Reference Guide provides information on registration and the June 30, 2020 deadline to take advantage of these services,” the notification added.
