Canon Data Breach - Hackers Accessed Personal Information

Canon Data Breach – Hackers Accessed Personal Information

Class Action Lawsuit Filed Against General Electric Company and Canon Business Process Services For Alleged Failure to Secure and Safeguard Personal Identifying Information of Hundreds of Thousands of Current and Former GE Employees and Employee Beneficiaries

Kehoe Law Firm, P.C. is making consumers aware that on April 2, 2020, a class action lawsuit was filed against the General Electric Company (“GE”) and Canon Business Process Services, Inc. (“Canon”) in United States District Court, Eastern District of California, for the Defendants’ alleged “failure to secure and safeguard her personal identifying information . . . and the [p]ersonal [i]nformation of hundreds of thousands of other current and former GE employees, as well as the GE employees’ beneficiaries.”

According to the class action complaint:

Unfortunately for current and former GE employees entitled to benefits, between approximately February 3, 2020 and February 14, 2020, Canon experienced a data breach in which hackers accessed the [p]ersonal [i]nformation of numerous current and former GE employees entitled to benefits, including their beneficiaries . . ..[]

According to GE, hackers gained access to, at minimum, the below categories of information:[]

direct deposit forms, driver’s licenses, passports, birth certificates, marriage certificates, death certificates, medical child support orders, tax withholding forms, beneficiary designation forms and applications for benefits such as retirement, severance and death benefits with related forms and documents, may have included names, addresses, Social Security numbers, driver’s license numbers, bank account numbers, passport numbers, dates of birth, and other information contained in the relevant forms. [Emphasis added.]

The complaint alleges that “the Data Breach was the inevitable result of Defendants’ inadequate approach to data security and their failure to protect Class Members’ [p]ersonal [i]nformation that they collected, maintained, and disseminated during the course of their business.”

GE’s “Notice of Data Breach” Submitted to California Attorney General

On March 20, 2020, GE submitted a “Notice of Data Breach” to the California Attorney General which, among other things, stated the following:

What Happened?

[GE was] notified on February 28, 2020 that Canon had determined that, between approximately February 3 – 14, 2020, an unauthorized party gained access to an email account that contained documents of certain GE employees, former employees and beneficiaries entitled to benefits that were maintained on Canon’s systems.

What Information Was Involved?

Canon has indicated that the affected documents, which contained certain personal information, were uploaded by or for GE employees, former employees and beneficiaries entitled to benefits in connection with Canon’s workflow routing service. The relevant personal information, which was contained in documents such as direct deposit forms, driver’s licenses, passports, birth certificates, marriage certificates, death certificates, medical child support orders, tax withholding forms, beneficiary designation forms and applications for benefits such as retirement, severance and death benefits with related forms and documents, may have included names, addresses, Social Security numbers, driver’s license numbers, bank account numbers, passport numbers, dates of birth, and other information contained in the relevant forms.

Have You Been Impacted by A Data Breach?

If so, please either contact Kehoe Law Firm, P.C., Michael Yarnoff, Esq., (215) 792-6676, Ext. 804, [email protected], complete the form on the right or e-mail [email protected] for a free, no-obligation case evaluation of your facts to determine whether your privacy rights have been violated and whether there is a basis for a data privacy class action.

Examples of the type of relief sought by data privacy class actions, include, but are not limited to, reimbursement of identity theft losses and of out-of-pocket costs paid by data breach victims for protective measures such as credit monitoring services, credit reports, and credit freezes; compensation for time spent responding to the breach; imposition of credit monitoring services and identity theft insurance, paid for by the defendant company; and improvements to the defendant company’s data security systems.

Data privacy class actions are brought on a contingent-fee basis; thus, plaintiffs and the class members do not pay out-of-pocket attorney’s fees or litigation costs.  Subject to court approval, attorney’s fees and litigation costs are derived from the recovery obtained for the class.

Kehoe Law Firm, P.C.