Fragomen, a law firm that provides Google with I-9 employment verification compliance services, says the personal information of some people was compromised in a recent data breach.
Established in 1951 and headquartered in New York, Fragomen provides employment verification screening services, helping organizations determine whether employees are eligible to be working in the United States. Fragomen provides such services to Google.
Form I-9 files that companies in the United States are required to maintain on each employee that is allowed to work in the country contain a variety of sensitive data, including copies of government-issued identification documents.
In a notice of data breach filed with California’s Office of the Attorney General, Fragomen is informing affected Google employees of a data breach that it discovered on September 24, and which has resulted in personal information being compromised.
“We are writing to inform you of an incident impacting a limited number of Googlers (and former Googlers) in which an unauthorized third party accessed a file containing your information,” the company writes in its notification.
Fragomen noted that it became aware of suspicious activity within its network, which prompted it to launch an investigation. On September 24, the company discovered that a file containing I-9-related data was compromised.
“While our investigation is ongoing, we discovered that an unauthorized third party gained access to a single file containing personal information relating to I-9 employment verification services. This file contained personal information for a discrete number of Googlers (and former Googlers), including you,” the notice reads.
The law firm also said that the compromised file contained various amounts of personal information on the affected employees. The names of all affected individuals were included in the file, but the company has yet to provide details on what other types of information was compromised.
“While we have no evidence at this point in time that your information has been viewed, we wanted to notify you of this incident and assure you that we take it very seriously. We have taken steps in response to this incident, including implementing enhancements to our IT Security infrastructure and detection capabilities,” the company notes.
The number of affected users is not known at the moment, but SecurityWeek has reached out to both Fragomen and Google for additional details on the issue and will update this article if it receives a reply.
Related: Personal Information of 46,000 U.S. Veterans Exposed in Data Breach
Related: Freepik Discloses Data Breach Impacting 8.3 Million Users
Related: SANS Institute Says 28,000 User Records Exposed in Email Breach