shutterstock_490960141-1

Industry News: ESG5

      Know Your Breach: GE

      Apr 3, 2020 12:00:58 PM

      The target: General Electric, a Fortune 500 technology firm

      The take: Personally identifiable information and documentation of current and former employees, as well as their beneficiaries – including direct deposit forms, driver’s licenses, passports, birth certificates, marriage certificates, child support orders, and many others.

      The attack vector: While their own systems were not compromised, GE were notified by a service provider of a breach affecting their data. Canon Business Process Services reported that one of their employee’s email accounts was breached by an unauthorized party for a period of just under two weeks in February of this year. This employee had processed data on behalf of GE and the attackers gained access to a litany of confidential information.

      Service provider relationships continue to pose increasing challenges for firms in today’s security landscape, as subcontracted entities may handle a firm’s sensitive data – be that business-critical data or the PII of their employees. A firm is ultimately responsible for their data regardless if they or a subcontractor are the ones handling it, and as such, a firm’s own security controls must follow that data and extend to third party processors.

      Read more...

      Topics:Know Your Breach

      About Castle Hall Diligence

      Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios More →

      Subscribe to Cyber Updates