image
A phisher’s treasure chest of personally identifiable information (PII) for General Electric employees has been exposed – thanks to the compromise of one of the company’s partners, Canon Business Process Services. In a data-breach notice filed with the State of California, General Electric (GE) noted that it contracts with Canon to process various documents related to human resources matters. The impact of the breach effects current and former GE employees and beneficiaries entitled to benefits, the conglomerate said. The documents were uploaded directly to Canon’s systems. GE said that a security incident at Canon in February exposed a wide-ranging number of sensitive HR-related documents. These include divorce, death and marriage certificates; benefits information (beneficiary designation forms and applications for benefits such as retirement, severance and death benefits); and even medical child support orders. Other hacked info includes direct-deposit forms, driver’s licenses, passports, tax withholding forms, names, addresses, Social Security numbers, bank-account numbers, dates of birth and other information. It’s a jackpot for an attacker. The information could be sold in underground criminal forums, or used to craft highly convincing phishing and scam emails, or used to carry out identity theft and fraud. GE was notified on February 28 that Canon had suffered the breach. According to the disclosure notice, between February 3 and 14, an unauthorized adversary was…

Source