The threat was discovered last month by the firm, which found that an unauthorized third party had accessed the data for a “limited number” of current and former employees for the tech giant, according to the report.
The firm, based in New York, provides services for employment verification screening, letting companies know if prospective employees are able to work in the U.S., the report stated. Companies in the country have to maintain a Form I-9 file detailing every employee ensuring that they’re legally allowed to work in the U.S. and are not beholden to stricter immigration rules.
However, Form I-9 files also come with sensitive information, including passports, ID cards, driver’s licenses and other personally identifiable information. Because of that, hackers and thieves have targeted this information before, according to the report.
Fragomen didn’t say exactly what kind of data had been accessed in a report to the California attorney general’s office, and the firm didn’t specify exactly how many employees had been affected. Companies with data affecting more than 500 state residents are required to submit notices with the state’s attorney general office, the report stated.
With data breaches increasingly happening with large, trusted firms, Google made the decision early this year to stop collecting third-party cookies on its Chrome browser by 2022. It’s unknown what that could mean for the future.
The need for better security is undeniable, with 63 percent of U.S. firms reporting at least one breach that compromised at least 1,000 records in 2019. The difficulty for merchants is varying standards, with states having differing laws on who can access what, and those rules affect smaller companies relying on big ones like Google.