weerapat1003 - stock.adobe.com
Canon breach exposes General Electric employee data
Canon Business Process Services was breached last month, according to an announcement by General Electric, which used Canon for employee document processing.
Canon Business Process Services suffered a security incident, according to a data breach disclosure by General Electric, for which Canon processes current and former employees' documents and beneficiary-related documents.
GE systems were not impacted by the cyberattack, according to the company's disclosure, but personally identifiable information for current and former employees as well as their beneficiaries was exposed in the Canon breach. The breach, which was first reported by BleepingComputer, took place between Feb. 3 and Feb. 14 of this year, and GE was notified of the breach on the 28th. According to the disclosure, "an unauthorized party gained access to an email account that contained documents of certain GE employees, former employees and beneficiaries entitled to benefits that were maintained on Canon's systems."
Said documents included "direct deposit forms, driver's licenses, passports, birth certificates, marriage certificates, death certificates, medical child support orders, tax withholding forms, beneficiary designation forms and applications for benefits such as retirement, severance and death benefits with related forms and documents." Personal information stolen "may have included names, addresses, Social Security numbers, driver's license numbers, bank account numbers, passport numbers, dates of birth, and other information contained in the relevant forms."
GE's disclosure also said Canon retained "a data security expert" to conduct a forensic investigation. At GE's request, Canon is offering two years of free identity protection and credit monitoring services.
GE shared the following statement with SearchSecurity regarding the Canon breach.
"We are aware of a data security incident experienced by one of GE's suppliers, Canon Business Process Services, Inc. We understand certain personal information on Canon's systems may have been accessed by an unauthorized individual. Protection of personal information is a top priority for GE, and we are taking steps to notify the affected employees and former employees," the statement read.
Canon did not return SearchSecurity's request for comment. At press time, Canon has not released a public statement.