Cyber Incident Victim: Fragomen, Del Rey, Bernsen & Loewy, LLP
Date:
Sep 2020
Location:
United States of America
Summary
A cybersecurity incident at Fragomen law firm involved unauthorized access to a file containing sensitive personal information from current and former Google employees related to I-9 employment verification forms. The compromised data included full names, dates of birth, contact details, social security numbers, passport information, and addresses, posing risks of identity theft and other fraudulent activities. The firm detected suspicious network activity and engaged forensic investigators, subsequently notifying affected individuals and offering one year of free credit monitoring services to mitigate potential harm.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The data breach at Fragomen, Del Rey, Bernsen & Loewy, LLP was discovered on September 24, 2020, when the firm identified suspicious activity within its computer network. An investigation revealed that an unauthorized third party had gained access to a single file containing personal information related to I-9 employment verification services provided for current and former Google employees. This file included sensitive personal data of affected individuals, specifically identified as "Googlers (and former Googlers)" in the firm's breach notification. The compromised information consisted of full names, dates of birth, phone numbers, social security numbers, passport numbers, mailing addresses, and email addresses – all standard elements collected through Form I-9, which verifies identity and employment authorization for U.S.-based workers. Fragomen engaged a digital forensic investigation firm to assist with determining the scope and method of intrusion, though the specific attack vector remained unspecified in available disclosures. The law firm did not disclose how many individuals were affected by the breach beyond characterizing the number as "discrete."
The exposed data created significant risks for identity theft and other fraudulent activities against impacted individuals, as the combination of social security numbers, passport details, and contact information provided comprehensive identity profiles. Fragomen responded by notifying affected Google employees directly through data breach notifications that explained the nature of the compromised information. As remediation, the firm offered one year of free credit monitoring services to those whose data was exposed. The breach specifically affected information related to Fragomen's employment verification services rather than broader firm systems, with no indication that client legal matters or other sensitive attorney-client data were compromised. The incident highlighted vulnerabilities in handling sensitive employee verification documents, particularly for high-profile corporate clients like Google, though the investigation did not reveal evidence of broader network compromise beyond the single accessed file containing I-9 data.