Fragomen Data Breach: Google's Law Firm Confirms Incident

The immigration law practice of Fragomen, Del Rey, Bernsen & Loewy has reported a security incident resulting in unauthorized access to personal data belonging to both present and past Google personnel.

This New York-based legal firm offers businesses services related to employment eligibility verification, assessing whether individuals possess the necessary authorization to be employed within the U.S.

All businesses functioning within the United States are obligated to keep a Form I-9 record for each employee, confirming their legal right to work and ensuring they aren’t subject to stricter immigration regulations. However, these Form I-9 records frequently include highly confidential details, such as government-issued documents like passports, identification cards, and driver’s licenses, alongside other personal information, which makes them attractive targets for cyberattacks and identity theft.

The firm stated that it identified last month that an external, unauthorized party gained access to a file containing personal details relating to a “limited number” of current and former Google staff members.

In a notification submitted to the California attorney general’s office, Fragomen did not specify the nature of the data accessed or the total number of Google employees impacted. Businesses experiencing a data breach affecting over 500 California residents are legally required to file a notification with the state’s attorney general.

Michael McNamara, representing Fragomen, did not disclose the number of Google employees affected by this incident.

A representative from Google could not be reached for a statement regarding this matter.