Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Law Firm Says Google Employee Information Compromised in Data Breach

Fragomen, a law firm that provides Google with I-9 employment verification compliance services, says the personal information of some people was compromised in a recent data breach.

Fragomen, a law firm that provides Google with I-9 employment verification compliance services, says the personal information of some people was compromised in a recent data breach.

Established in 1951 and headquartered in New York, Fragomen provides employment verification screening services, helping organizations determine whether employees are eligible to be working in the United States. Fragomen provides such services to Google.

Form I-9 files that companies in the United States are required to maintain on each employee that is allowed to work in the country contain a variety of sensitive data, including copies of government-issued identification documents.

In a notice of data breach filed with California’s Office of the Attorney General, Fragomen is informing affected Google employees of a data breach that it discovered on September 24, and which has resulted in personal information being compromised.

“We are writing to inform you of an incident impacting a limited number of Googlers (and former Googlers) in which an unauthorized third party accessed a file containing your information,” the company writes in its notification.

Fragomen noted that it became aware of suspicious activity within its network, which prompted it to launch an investigation. On September 24, the company discovered that a file containing I-9-related data was compromised.

“While our investigation is ongoing, we discovered that an unauthorized third party gained access to a single file containing personal information relating to I-9 employment verification services. This file contained personal information for a discrete number of Googlers (and former Googlers), including you,” the notice reads.

The law firm also said that the compromised file contained various amounts of personal information on the affected employees. The names of all affected individuals were included in the file, but the company has yet to provide details on what other types of information was compromised.

Advertisement. Scroll to continue reading.

“While we have no evidence at this point in time that your information has been viewed, we wanted to notify you of this incident and assure you that we take it very seriously. We have taken steps in response to this incident, including implementing enhancements to our IT Security infrastructure and detection capabilities,” the company notes.

The number of affected users is not known at the moment, but SecurityWeek has reached out to both Fragomen and Google for additional details on the issue and will update this article if it receives a reply.

Related: Personal Information of 46,000 U.S. Veterans Exposed in Data Breach

Related: Freepik Discloses Data Breach Impacting 8.3 Million Users

Related: SANS Institute Says 28,000 User Records Exposed in Email Breach

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...