Fragomen Confirms Data Breach Impacting Google Employees
The Am Law 100 firm revealed that a data breach allowed a third party to gain limited access to Google employees’ personal information.
Immigration law firm Fragomen, Del Rey, Bernsen & Loewy confirmed a data breach that allowed an unauthorised third party to access a file containing personal information related to a “limited number” of employees at Google, one of its clients.
The firm filed a notice disclosing the data breach to the California attorney general’s office on Friday, saying that the breach had been discovered last month while the company was investigating suspicious activity within its network.
“While our investigation is ongoing, we discovered that an unauthorized third party gained access to a single file containing personal information relating to I-9 employment verification services,” Fragomen wrote in its notice to persons affected by the breach. These persons were “a discrete number of Googlers” and former Google employees.
“While we have no evidence of any further misuse, we have taken steps to remediate the incident and have verified it was an isolated incident that did not involve our general client data systems,” the firm continued, adding that the incident was not indicative of its “robust” cybersecurity guidelines and practices.
All companies operating in the US are required to maintain a Form I-9 file on each of their employees to ensure that they are legally allowed to work in the country and are not subject to restrictive immigration rules. These files can contain sensitive information, including passports, driver’s licenses, ID cards and other identifiable data, potentially exposing their owners to identity fraud.
Fragomen declined to clarify how many Google employees were affected by the breach and what kind of information was accessed. When more than 500 California-based employees are affected by a data breach, their employer is required to submit a notice of the incident to the attorney general’s office.
Cyberattacks have grown in scope and frequency since the beginning of the year, with law firms and the sensitive information they hold making tempting targets for fraudsters. Earlier this month, Chicago-based Am Law 100 firm Seyfarth Shaw experienced a ransomware attack that shut down several of its systems, and in May the London-based firm Grubman Shire Meiselas & Sacks was the victim of an attack that saw a trove of information on its celebrity clients seized.