Back to Data Breach

Data Breach

GE employees’ PII breached in a service provider security incident

On March 20, 2020, General Electric (GE) filed a data breach notice stating that a security incident occurred with one of its service providers. Personal information of employees, former employees, and beneficiaries were compromised in the attack.

The extent of the breach

On February 28, 2020, Canon Business Process Services (Canon), a GE service provider, notified GE that an unauthorized hacker accessed a Canon employee email account containing information on the GE employees between February 3 and 14, 2020. The compromised documents included direct deposit forms; driver licenses; passports; birth certificates; marriage certificates; death certificates; medical child support orders; tax withholding forms; beneficiary designation forms; and applications for benefits such as retirement, severance, and death benefits. The documents may have included names, addresses, Social Security numbers, bank account numbers, dates of birth, and other information.

Canon has hired a security expert to investigate and step up its security measures. Fortunately, GE's systems were not affected by the breach; however, GE is taking measures to improve its security posture as well. Canon is offering free identity protection and credit monitoring services to affected individuals for two years.

Arm yourself against cybersecurity disasters like this by investing in a tool that will protect your network from brute-force attacks, ransomware threats, and denial-of-service (DoS) attacks. Download ManageEngine Log360, a comprehensive solution to help you combat both internal and external security attacks.

How ManageEngine can help.

Log360, our comprehensive SIEM solution, can help your organization by:

  • Alerting security teams in real time about events that require their immediate attention, such as network attacks, unauthorized access attempts to files or folders, security group membership changes, and account lockouts.
  • Detecting unauthorized network access attempts with its built-in Structured Threat Information eXpression (STIX/TAXII) feeds processor. Log360 also has a global IP threat database that can instantly detect known malicious traffic passing through the network as well as outbound connections to malicious domains and callback servers. 
  • Finding potential insider threats with its user and entity behavior analytics engine, which creates a baseline of normal activities that are specific to each user and notifies security personnel instantly when there's a deviation from this norm.
  • Obtaining important forensic information about incidents. The collected logs can be securely archived to help prove adherence to compliance standards and reduce potential legal penalties during investigations.
  • Automatically raising incidents as tickets to specific technicians in ServiceDesk Plus, JIRA, Zendesk, Kayako, or ServiceNow to create an incident resolution process that's swift and accountable.

Download a free trial of Log360 to see the tool in action for yourself.

© 2022 Zoho Corporation Pvt. Ltd. All rights reserved.

+

Stay In The Know

Thank you

You will receive weekly cybersecurity news soon!

  • Please enter a business email id
  •  
  •  
    By clicking 'I'm Interested', you agree to processing of personal data according to the Privacy Policy.