Past and present employees of General Electric (GE) are learning that their sensitive information has been exposed by a data breach at a third-party service provider.
Fortune 500 company GE says it was recently informed of a security breach at one of its partners, Canon Business Process Services.
According to GE, between approximately February 3 – 14, 2020, an unauthorized party managed to gain access to a Canon email account that contained sensitive information on current and former employees, as well as beneficiaries.
What the hackers managed to access was effectively a treasure trove of information which could be sold on underground forums to other criminals and fraudsters, or used to target individuals with convincing scam emails and phishing attacks.
Information about GE employees gained by the hack of the Canon email account included:
- direct deposit forms
- driver’s licenses
- birth certificates
- marriage certificates
- death certificates
- medical child support orders
- tax withholding forms
- beneficiary designation forms
- applications for benefits such as retirement, severance and death benefits with related forms and documents
According to GE’s data breach notification letter, exposed forms may have included names, addresses, Social Security numbers, driver’s license numbers, bank account numbers, passport numbers, dates of birth, and other information.
And the problem is this. When your password gets compromised after a data breach, you can change your password. Of course it can be a pain and a nuisance to change your password, but it’s not an insurmountable problem – and if you haven’t made the mistake of reusing the same password in multiple places the impact of the breach is limited.
But just try changing the details contained on your passport, your date of birth, your bank account details, or your social security number…
GE says that, following the discovery of the breach, its partner Canon (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Graham Cluley. Read the original post at: https://www.tripwire.com/state-of-security/featured/ge-data-breach-third-party/