Home News Fragomen’s Data Breach Exposes Google Employees’ Personal Data

Fragomen’s Data Breach Exposes Google Employees’ Personal Data


Fragomen, Del Rey, Bernsen & Loewy, an immigration law firm in the U.S., revealed a data breach that exposed personal information of current and former Google employees. In a security alert, Fragomen stated that an unauthorized third party compromised its network systems and illicitly accessed a file on September 24, 2020, which contained Googlers’ personal data.

Fragomen provides employment verification screening services to the organizations and is also responsible for providing Form I-9 compliance services to Google.

Employees use Form I-9 to declare their citizenship and eligibility to work in the U.S. These forms hold employees’ private information like full name, birth dates, address, email details, contact number, social security number, passport details, and other immigration identifiers, which can be easily misused by cybercriminals for various malicious activities.

While there is no information on how many Googlers were affected in the incident, Fragomen stated that it commenced an investigation with a digital forensic firm for further analysis. It also stated that it is offering complimentary identity theft protection and credit monitoring services to all the affected employees.

“We have no evidence at this point in time that your information has been viewed, we wanted to notify you of this incident and assure you that we take it very seriously. We have taken steps in response to this incident, including implementing enhancements to our IT Security infrastructure and detection capabilities,” Fragomen said.

Threat Actors Exploited Google

Recently, a threat intelligence team from GreatHorn uncovered a series of ongoing phishing campaigns targeting users of Google’s Gmail. The attackers used imposter open redirector domains and subsidiary domains of various popular brands and sent tens of thousands of emails to corporate account users globally. The comprehensive and multi-pronged attack campaign had multiple hosting services and web servers that were used to host fraudulent Office 365 login pages. It was also found that malicious links and fraudulent emails/attachments were bypassing users’ security controls and email security platforms.