Cyber Incident Victim: General Motors
Date: Dec 2016
Location: United States of America
Summary
A major automaker experienced a cybersecurity breach resulting in unauthorized access to employee names and Social Security Numbers, which were subsequently exploited to file fraudulent unemployment compensation claims. The company confirmed awareness of these malicious activities and initiated notifications to affected personnel while formally disputing the illegitimate claims with state authorities. Impacted individuals were advised to report identity theft through official IRS documentation procedures. The scope of compromised data and duration of system exposure remained unclear, with no attributed threat actor claiming responsibility for the intrusion.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |

| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In late 2016, General Motors detected unauthorized activity involving employee personal information after being alerted by the Michigan Unemployment Insurance Agency. The agency notified GM that fraudulent unemployment compensation claims had been filed using employees' names and Social Security Numbers, with attackers falsely asserting affected workers were on layoff. The company confirmed the compromise of personally identifiable information (PII) including full names and Social Security Numbers, though the exact number of affected individuals remained undisclosed. GM began sending breach notifications to impacted employees prior to December 31, 2016, though the duration of attacker access to systems and full scope of data exfiltrated were not publicly determined. The automaker formally protested all fraudulent unemployment claims with state authorities, affirming that targeted employees remained actively employed.

The incident resulted in direct financial fraud through illegitimate unemployment benefit collections and created substantial identity theft risks for affected personnel. GM directed compromised employees to complete IRS Form 14039 to report identity theft incidents stemming from the breach, enabling tax-related fraud protections through federal channels. No threat actor claimed responsibility for the intrusion, and investigators did not publicly attribute the attack to any specific group or nation-state. The company did not disclose technical details regarding intrusion vectors, compromised systems, or detection methodologies. While notification procedures were initiated, GM provided no public information about additional remediation measures such as credit monitoring services or cybersecurity improvements implemented post-incident. The breach's full operational and financial consequences remained unquantified in available disclosures.
