GE Data Breach – 3rd Party Vendor Canon Hacked – Employee, Retiree, and Beneficiary Data Stolen
Highly sensitive data was stolen from a General Electric (GE) third-party vendor. According to a letter sent by the company, the GE data breach impacts current and former employees of General Electric and occurred when a third-party vendor, Canon Business Process Services, was compromised. Canon processes employee documents on behalf of GE. Hackers gained access to an employee email account and accessed sensitive employee information between February 3 – 14, 2020. It is unknown at this time how many past and present employees or beneficiaries are affected by the GE data breach.
The hacked data comes from documents uploaded by employees, former employees, and beneficiaries who are entitled to benefits. GE sent a letter to those involved but did not disclose how many letters the company sent.
Although the GE data breach notice does not explicitly state it, it is likely that a Canon employee responded to a phishing email which somehow gave the hackers access to an IT network – possibly through a malware infection. Phishing emails are often launched with information collected from social engineering. For example, the names and contact information for human resources staff can often be taken from corporate websites or social media sites like LinkedIn. Hackers then target those employees with phishing emails, trying to fool them into clicking on a malicious link or downloading an attachment that launches a malware attack. Once a computer is infected with malware, it can be used to steal usernames and passwords to highly private employee data or sensitive corporate secrets.
Hacked personal data presents a huge security risk for those affected by the GE data breach. GE and Canon did not state how many people are affected by the data breach, and there is no estimate on how far back in time this data goes, as it also involves former employees and their dependents.
Hackers steal this type of data to commit a variety of other cybercrimes. Anyone who has had personal information stolen is vulnerable to future identity theft, phishing emails, malware attacks, and credit fraud. This is the type of information that can be used for medical identity theft and phishing email campaigns that steal money. It is also common for hackers to sell this information on the dark web. Just last week, Russia’s Federal Security Service arrested twenty-five Russian hackers, two of whom were the largest dealers of stolen personal data and credit card numbers. The carding ring preyed upon Western companies and made millions of dollars selling the stolen data on the dark web.
It is important to change all passwords and set up identity theft monitoring. All online accounts that use the same email address are especially vulnerable to hackers.
Hacked documents include:
- Direct deposit forms
- Driver’s licenses
- Birth certificates
- Marriage certificates
- Death certificates
- Medical child support orders
- Tax withholding forms
- Beneficiary designation forms
- Applications for benefits such as retirement, severance, and death benefits
Breached data may have included:
- Bank account numbers
- Social Security numbers
- Driver’s license numbers
- Passport numbers
- Other personal information contained in the relevant forms
Canon has secured its IT systems and is working with GE to identify which employees, former employees, and beneficiaries are impacted by the GE data breach.
GE Data Breach – What Do I Do to Protect My Money?
All US citizens are entitled to a free credit report from each of the major credit reporting services, as well as any time an application for credit is rejected. Canon is offering a complimentary two-year membership of Experian IdentityWorks℠ Credit 3B.
- Order a credit report and review it carefully
- Look for accounts you did not open
- Monitor credit cards, loans, and other lines of credit for any increases in credit lines
- Check the information about you in each credit report. Make sure your contact address, phone number or other contact information has not changed.