GE employee data leaked in a breach of service provider Canon


GE disclosed that personal information for a number of current and former employees was exposed in a security breach that took place between February 3-14 at Canon Business Process Services, one of its service providers. While the breach did not occur in GE’s systems, according to the legal filing, the case highlights a common supply chain risk: cyber governance extends beyond company networks and includes regimes of counterparties.



Personal identification information for an undisclosed number of current and former GE employees and their beneficiaries, including passports, driver’s licenses, birth certificates, bank account numbers and direct deposit forms, social security numbers, and DoB were reportedly included in the data theft. While GE promptly reported this incident to the California Attorney General’s office, and while data loss incidents such as this one are less costly to companies than ransomware breaches that disrupt company operations, the case still highlights the need for companies to implement rigorous cybersecurity regimes that take into account the cyber governance of their counterparties.

Suppliers or customers that have access to company IP or offer a potential back door into company IT systems must also be accounted for as part of a more robust approach to cyber governance. Events in the past year impacting some of the world’s largest managed service providers like WiPro and the theft of sensitive documents stolen from many major automobile companies (Tesla, VW, Toyota, Ford, Chrysler, GM) via a third-party robotics vendor in 2018 demonstrate that growing digital interconnectedness is making it increasingly difficult to distinguish a corporate network’s threat surface from that of a supplier, partner, or customer.

This hits at what Cyberhedge calls the third-party paradox—the corporate drive for greater efficiency and cost savings has created additional cyber-related supply chain vulnerabilities most companies haven’t considered when making strategy decisions about outsourcing.

We use cookies to make our website more user-friendly and effective

The Cyberhedge Indices Cookie Policy

What are the Cyberhedge Cyber Governance Indices?

These first ever benchmarks prove good cyber governance matters to shareholder value. They measure stock market performance of companies with good and with bad cyber governance scores. Scores are based on Cyberhedge’s proprietary cyber governance rating methodology. Market performance is tracked by an independent firm. The results show that companies with good cyber governance outperform their peers in US, UK, and EU markets.

Information that we collect

Here you can see and customize the information that we collect about you. To learn more, please read our privacy policy

Continue on website