General Electric (GE), a Fortune 500 technology corporation, today disclosed a data breach of personally identifiable information of both current and former employees. In a filing with the Office of the California Attorney General, GE stated that GE service provider Canon Business Process Services suffered the breach; an unauthorized party accessed a Canon employee’s email account in February.
The information breached includes direct deposit forms, driver’s licenses, passports, birth certificates, marriage certificates, death certificates, tax withholding forms, Social Security Numbers and bank account numbers. The notice clarified that GE systems were not affected by the breach and that Canon offers identity protection and credit monitoring to affected individuals.
Jonathan Deveaux, Head of Enterprise Data Protection at comforte AG, commented on the GE data breach:
“It seems that no matter how much training and awareness is provided, the human element remains the weakest link in the cybersecurity chain. The problem is not entirely the employees’ fault, as hackers and attackers are improving their tactics to trick employees into clicking on links infected with malware. A determined attacker may go as far as designing an email to look authentic and even read as if clicking on the link is the right thing to do. Unfortunately, in this case, hackers obtained the credentials for a corporate email. This means that they had access to everything that the employee did. Instances like this are easily avoided through good account hygiene. However, they are extremely difficult to mitigate once it has occurred.”
“What is clear is that human activity in cyberspace is still susceptible to data breaches, leaks, or exposure. Therefore, companies need to take a more active approach to safeguard their businesses from cyber-attacks. AI can help determine if emails should be captured and quarantined before even getting to employees’ inboxes. De-identifying sensitive data can also ensure that the data a cyber attacker is usually after has no exploitable value. Continued awareness training, education, and communication can help reduce the likelihood of humans clicking on malware-laced links, even though the possibility is highest among threat vectors.”