Recently GE was informed that one of their service providers, Canon Business Process Services, Inc. (“Canon”), experienced a data security incident.
GE contracts with Canon to process documents of GE employees, former employees and beneficiaries entitled to benefits. The issue did not affect GE’s own systems.
GE were notified on February 28th 2020 that Canon had determined that, between approximately February 3 – 14, 2020, an unauthorized party gained access to an email account that contained documents of certain GE employees, former employees and beneficiaries entitled to benefits that were maintained on Canon’s systems.
Canon has indicated that the affected documents, which contained certain personal information, were uploaded by or for GE employees, former employees and beneficiaries entitled to benefits in connection with Canon’s workflow routing service.
The relevant personal information, which was contained in documents such as direct deposit forms, driver’s licenses, passports, birth certificates, marriage certificates, death certificates, medical child support orders, tax withholding forms, beneficiary designation forms and applications for benefits such as retirement, severance and death benefits with related forms and documents, may have included names, addresses, Social Security numbers, driver’s license numbers, bank account numbers, passport numbers, dates of birth, and other information contained in the relevant forms.
After learning of the issue, GE quickly began working with Canon to identify the affected GE employees, former employees and beneficiaries. They understand that Canon took steps to secure its systems and determine the nature of the issue. Canon also retained a data security expert to conduct a forensic investigation.
Further information here – https://oag.ca.gov/ecrime/databreach/reports/sb24-188474