Immigration law firm Fragomen, Del Rey, Bernsen & Loewy has confirmed a data breach involving the personal information of current and former Google employees.
The New York-based law firm provides companies with employment verification screening services to determine if employees are eligible and authorized to work in the United States.
Every company operating in the United States is required to maintain a Form I-9 file on every employee to ensure that they are legally allowed to work and not subject to more restrictive immigration rules. But Form I-9 files can contain a ton of sensitive information, including government documents like passports, ID cards and driver’s licenses, and other personally identifiable data, making them a target for hackers and identity thieves.
But the law firm said it discovered last month that an unauthorized third-party accessed a file containing personal information on a “limited number” of current and former Google employees.
In a notice with the California attorney general’s office, Fragomen did not say what kind of data was accessed or how many Google employees were affected. Companies with more than 500 California residents affected by a breach are required to submit a notice with the state’s attorney general’s office.
Michael McNamara, a spokesperson for Fragomen, declined to say how many Google employees were affected by the breach.
A spokesperson for Google did not respond to a request for comment.