GE Sued Over Feb. Data Breach

General Electric Company employee Joyce Mercadal filed a class action complaint against General Electric (GE) and Canon Business Process Services, alleging that the company failed to adequately safeguard employee data that was stolen in a data breach earlier this year. The suit is filed in the California Eastern District Court. The plaintiff is represented by Bursor and Fisher.

Between February 3 and February 14, Canon experienced a data breach, which allowed hackers to obtain the personal information of current and former GE employees.  Mercadal alleges that GE failed to secure her personal identifying information and the personal information of the other prospective Class members, which include other GE employees and their beneficiaries.

The hackers gained access to “direct deposit forms, driver’s licenses, passports, birth certificates, marriage certificates, death certificates, medical child support orders, tax withholding forms, beneficiary designation forms and applications for benefits such as retirement, severance and death benefits with related forms and documents, may have included names, addresses, Social Security numbers, driver’s license numbers, bank account numbers, passport numbers, dates of birth, and other information contained in the relevant forms.”

The plaintiff states that the breach was caused by the defendants’ failure to properly secure the data. GE notified the state of California about the data breach on March 20 and suggested that those directly affected take measures protect themselves, by using credit monitoring and identity protection.

Mercadal states that the failure to secure this information increases the risk of identity theft and subsequent damages from said theft. Identifying information, such as Social Security Numbers are difficult to replace and in order to get a new number, a person must demonstrate the he “continues to be disadvantaged by the misuse,” thus the damage must already have happened.

The data breach has caused Mercadal and the other potential Class members to suffer from a loss of privacy, nuisance and diminished value of this personal identifying information. The plaintiff states that this will take years of monitoring personal information to ensure protection from theft and fraudulent activity.

Mercadal accuses GE of negligence because she and the potential Class members were required to supply personal information to receive benefits, therefore, this information should have been safeguarded. She argues that the defendants should have implemented “cybersecurity systems, anti-hacking technologies, and intrusion detection and reporting systems” to protect this information.