General Electric Confirms It's Investigating Claims Of A Shocking Data Breach
General Electric is primarily known for its spinning things, like washing machines, supersonic engines, or the GAU-8/A Avenger 30mm seven-barrel cannon mounted on the A-10 Warthog and CIWS weapon system. All goofs aside, GE is quite a broad company with connections in nearly every sector of the economy. Therefore, it is not surprising but a bit alarming that the company has been reportedly breached and has had DARPA-related information compromised.
On September 19th, user IntelBroker posted to BreachForums claiming that they had access to “some development and software pipelines belonging to General Electrics.” The going price for this was $500, and it came with access to GE’s GitHub and SVN (subversioning and revision control). However, that initial post only garnered two replies, and seemingly no buyers were interested despite IntelBroker’s track record of legitimate breaches.
Subsequently, IntelBroker reposted the listing on November 22nd, explaining that “no serious buyers have actually responded to me or followed up,” and as such, they were selling the entire thing. This includes network access via SSH, SVN, and other means, as well as an unknown quantity of stolen data. IntelBroker claims that this data includes “DARPA-related military information, files, SQL files, documents.” The evidence posted to back up this claim does appear to corroborate the military piece, but it is unclear how it ties to DARPA.
We have reached out to GE, who has yet to respond to us but told BleepingComputer that the company is “aware of claims made by a bad actor regarding GE data and are investigating these claims” and “will take appropriate measures to help protect the integrity of our systems." In any event, we will have to see if this data is legitimate and poses a threat to GE in due time, as if there are no buyers, the compromised data may be published online. As such, stay tuned to HotHardware for updates on GE security breach.