GE Discloses Service Provider Canon Suffered Data Breach

GE Discloses Service Provider Canon Suffered Data Breach

General Electric (GE), a Fortune 500 technology corporation, today disclosed a data breach of personally identifiable information of both current and former employees. In a filing with the Office of the California Attorney General, GE stated that GE service provider Canon Business Process Services suffered the breach; an unauthorized party accessed a Canon employee’s email account in February. 

ALERT: Hackers don’t wait for world crises to end. Our Buyer’s Guide for SIEM helps you evaluate the best solutions for your business use case and features profiles of the leading profiles, as well as a category overview of the marketplace.

The information breached includes direct deposit forms, driver’s licenses, passports, birth certificates, marriage certificates, death certificates, tax withholding forms, Social Security Numbers and bank account numbers. The notice clarified that GE systems did not suffer in the breach and that Canon offers identity protection and credit monitoring to affected individuals. 

Jonathan Deveaux, Head of Enterprise Data Protection at comforte AG, commented on the GE data breach:

“It seems that no matter how much training and awareness is provided, the human element remains the weakest link in the cybersecurity chain. The problem is not entirely the employees’ fault, as hackers and attackers are improving their tactics to trick employees into clicking on links infected with malware. A determined attacker may go as far as designing an email to look authentic and even read as if clicking on the link is the right thing to do. Unfortunately, in this case, hackers obtained the credentials for a corporate email. This means that they had access to everything that the employee did. Instances like this are easily avoided through good account hygiene. However they are extremely difficult to mitigate once it has occurred.” 

“What is clear is that human activity in cyberspace is still susceptible to data breaches, leaks, or exposure. Therefore, companies need to take a more active approach to safeguard their businesses from cyber-attacks. AI can help determine if emails should be captured and quarantined before even getting to employees’ inboxes. De-identifying sensitive data can also ensure that the data a cyber attacker is usually after has no exploitable value. Continued awareness training, education, and communication can help reduce the likelihood of humans clicking on malware-laced links, even though the possibility is highest among threat vectors.”

Learn more about cybersecurity here. Learn more about comforte AG here.

 

Ben Canner

Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.
Ben Canner