General Electric (GE) has warned its current and former workers that their sensitive and personal data may have been compromised in a data breach suffered by a key supplier.
Canon Business Process Services, an IT service management company that works on behalf of the tech giant, learned that a a third-party party gained access to an email account that contained sensitive documentation between 3 and 14 February.
No GE systems were inappropriately accessed or breached by hackers as part of the data security incident, according to a notice circulating among those potentially affected. Only the email account, which belongs to Cannon, was compromised.
This account contained documents of certain GE employees, former workers and beneficiaries entitled to benefits maintained through Canon’s systems.
The company has said these files, which contain sensitive and personal information, were uploaded by or on behalf of workers and former workers.
The data accessed includes direct deposit forms, driver’s licenses, passports, birth certificates, marriage certificates, death certificates, medical child support orders, and tax withholding forms, among other forms of documentation.
The compromised documents may have also contained names, addresses, social security numbers, driver’s license numbers, bank account numbers, passport numbers and individuals’ dates of birth.
“After learning of the issue, we quickly began working with Canon to identify the affected GE employees, former employees and beneficiaries,” GE said.
“We understand that Canon took steps to secure its systems and determine the nature of the issue. Canon also retained a data security expert to conduct a forensic investigation. GE systems, including your personal information in our systems, have not been affected by the Canon data security incident.”
How enterprises are embracing cyber security challenges
Enterprises across Europe, the Middle East and Africa are undergoing a significant transformation
GE added it’s working to understand how the unauthorised individual was able to access Canon’s systems, and the company is taking steps to ensure appropriate measures are implemented to prevent a reoccurrence.
The firm assured those affected they’ll be entitled to one free credit report annually from each of the three nationwide consumer reporting agencies, under US law, and that Canon is offering identity protection and credit monitoring for two years through Experian.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2023.
Keumars Afifi-Sabet is a writer and editor that specialises in public sector, cyber security, and cloud computing. He first joined ITPro as a staff writer in April 2018 and eventually became its Features Editor. Although a regular contributor to other tech sites in the past, these days you will find Keumars on LiveScience, where he runs its Technology section.