Third-Party Data Breach Exposes GE Employees’ PII

Interested in learning more about how to ensure defensibility when trying to comply with CCPA before enforcement on July 1? Download our Comprehensive Guide to the CCPA.

Third-Party Data Breach Exposes GE Employees’ PII

Why This Privacy Law is Important:

News of the GE breach comes as companies have less than three months to comply with California Consumer Privacy Act (CCPA) enforcement on July 1. Companies must know what third parties have access to their company’s data and how they are protecting it required by the CCPA.


In February 2020, GE learned that an “unauthorized party” gained access to an email account associated with one of their third-party vendors, Canon Business Process Services. This email account contained personally identifiable information (PII) of current and former employees of GE. PII included: 

  • Bank account numbers 
  • Social Security numbers
  • Birth and death certificates
  • Other sensitive information 

Although it is unsure how many people were impacted, it is safe to assume more than 500 California residents were affected. California law requires organizations to alert the California Attorney General’s office in cases where a company sends breach notices to more than 500 California residents.

Download the Privacy Alert to the right to get the full text and expert analysis!

Download the Resource