CONFERENCE NOW LIVE: Threat Detection & Incident Response (TDIR) Summit - Join the Event In-Progress
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Law Firm Says Google Employee Information Compromised in Data Breach

Fragomen, a law firm that provides Google with I-9 employment verification compliance services, says the personal information of some people was compromised in a recent data breach.

Fragomen, a law firm that provides Google with I-9 employment verification compliance services, says the personal information of some people was compromised in a recent data breach.

Established in 1951 and headquartered in New York, Fragomen provides employment verification screening services, helping organizations determine whether employees are eligible to be working in the United States. Fragomen provides such services to Google.

Form I-9 files that companies in the United States are required to maintain on each employee that is allowed to work in the country contain a variety of sensitive data, including copies of government-issued identification documents.

In a notice of data breach filed with California’s Office of the Attorney General, Fragomen is informing affected Google employees of a data breach that it discovered on September 24, and which has resulted in personal information being compromised.

“We are writing to inform you of an incident impacting a limited number of Googlers (and former Googlers) in which an unauthorized third party accessed a file containing your information,” the company writes in its notification.

Fragomen noted that it became aware of suspicious activity within its network, which prompted it to launch an investigation. On September 24, the company discovered that a file containing I-9-related data was compromised.

“While our investigation is ongoing, we discovered that an unauthorized third party gained access to a single file containing personal information relating to I-9 employment verification services. This file contained personal information for a discrete number of Googlers (and former Googlers), including you,” the notice reads.

The law firm also said that the compromised file contained various amounts of personal information on the affected employees. The names of all affected individuals were included in the file, but the company has yet to provide details on what other types of information was compromised.

Advertisement. Scroll to continue reading.

“While we have no evidence at this point in time that your information has been viewed, we wanted to notify you of this incident and assure you that we take it very seriously. We have taken steps in response to this incident, including implementing enhancements to our IT Security infrastructure and detection capabilities,” the company notes.

The number of affected users is not known at the moment, but SecurityWeek has reached out to both Fragomen and Google for additional details on the issue and will update this article if it receives a reply.

Related: Personal Information of 46,000 U.S. Veterans Exposed in Data Breach

Related: Freepik Discloses Data Breach Impacting 8.3 Million Users

Related: SANS Institute Says 28,000 User Records Exposed in Email Breach

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.

Register

Learn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.

Register

People on the Move

Jeremy Koppen has left Mandiant after 13 years to become the CISO of Equifax.

Engineering and technology solutions provider Amentum has appointed Max Shier as its CISO.

PAM provider Keeper Security has appointed Shane Barney as its Chief Information Security Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.