In a notification of violation sent to concerned parties and forwarded to the California Attorney General, GE claimed that an unauthorized party had access to a Canon email address containing records belonging to some of its employees. The breach happened between 3 and 14 February and culminated in the disclosure of details belonging to current and former GE workers and beneficiaries entitled to benefits. The compromised email address contained conception, marriage, and death records, direct deposit documents, visas, driver’s licenses, tax reports, professional child care orders, and benefit-related documents. The details released include names, addresses, social security numbers, driver’s license numbers, bank account numbers, dates of birth and passport numbers. Canon Business Process Solutions offers information management tools and GE states that it utilizes these systems to manage employee records. Documents revealed in this data loss have been transmitted to or by GE staff and beneficiaries’ in accordance with Canon’s workflow routing program.’ GE claims its internal networks are not impacted by the accident. Canon has not disclosed any details regarding the violation so it is unknown if GE is the only consumer harmed by the violation. GE was informed of the accident on 28 February and is seeking to figure out how the breach happened in order to introduce steps to deter similar accidents in the future. “Unfortunately, in this case, hackers obtained the credentials for a corporate email. This means that they had access to everything that the employee did. Instances like this are easily avoided through good account hygiene, however they are extremely difficult to mitigate once it has occurred,” Deveaux added.
