200k personal records of GE employees and former employees leaked; financial and health data exposed

Cybersecurity incidents continue to occur even amid the coronavirus pandemic. General Electric has revealed that it is notifying its employees of a data breach that has compromised considerable amounts of confidential information.

The report sent to the company’s employees mentioned that the incident did not affect GE’s systems, but occurred at Canon Business Process Services, a company that provides some services to GE. Canon processes all documentation regarding GE employees (current and old); mentioned that at least 200,000 records were exposed during the incident.

Among the information presented are multiple confidential details, including:

  • Direct deposit forms
  • Driver’s licenses
  • Passports
  • Birth, marriage and death certificates,
  • Withholding tax forms
  • Full names
  • Social security numbers, among other details

The information remained exposed for almost a full month. No details have yet been revealed about the threat actor behind this incident, although cybersecurity specialists believe the company has no idea who might be responsible for this attack and its motivations.

At the request of the company, multiple hacking forums have been analyzed for some trace of the information compromised, although so far the search has been unsuccessful. However, in the notification sent to GE employees, they are mentioned to be exposed to phishing attempts, identity fraud, among other cybercrime variants. Because the incident occurred on Canon systems, GE specified in its notification that it will be the third party company responsible for providing electronic fraud protection services to those affected.

Access to this information has already been closed and no potential related incidents have been reported, although it is worth mentioning that this is a massive corporation, which could complicate things for those affected in the future.