Between February 3 and 14, an unauthorized person accessed the email of Canon Business Process Services, a company hired by GE to process employee benefit documents.
Highly sensitive HR-related documents and data of current and former GE employees (and their beneficiaries) was exposed. This includes divorce, death and marriage certificates; benefits information (beneficiary designation forms and applications for benefits such as retirement, severance and death benefits); and medical child support orders. Other breached info includes direct-deposit forms, driver’s licenses, passports, tax withholding forms, names, addresses, Social Security numbers, bank-account numbers, dates of birth and other information.
The breached data is a treasure chest for attackers who can sell it in underground criminal forums, use it to craft highly convincing phishing/scam emails or use it to carry out identity theft and fraud.
GE’s notification to the Californian Office of the Attorney General is here:
Please fill out the form below if you wish to discuss with one of our attorneys.