Difference between revisions of "Data Breach at Immigration Law Firm"
(Created page with "{{Event |Short Title=Personal Information of Google Employees Compromised in Data Breach at Immigration Law Firm |Location=United States |Date=November 2020 }}") |
|||
| Line 3: | Line 3: | ||
|Location=United States | |Location=United States | ||
|Date=November 2020 | |Date=November 2020 | ||
| + | |Taxonomy=Insecurity, Interrogation | ||
| + | |Personal Information=Identifying, Contact, Demographic, Professional | ||
| + | |Threat Actors=Unauthorised third party, Fragomen Del Rey Bernsen and Loewy law firm | ||
| + | |Affected Individuals=Current and former Google employees | ||
| + | |Summary=New York-based law firm has experienced a data breach that compromised personal information of current and former Google employees. | ||
| + | |Description=Immigration law firm Fragomen, Del Rey, Bernsen & Loewy claimed that an unauthorised individual accessed a file containing information relating to I-9 employment information on a “limited number” of Google employees. | ||
| + | |||
| + | Form I-9 is used to verify the identity and employment authorization of individuals working in the US, and can include an employee’s name, address, date of birth, email address, phone number, Social Security number, passport number and driver’s license data. | ||
| + | |||
| + | An unauthorized third party gained access to a single file containing personal information relating to I-9 employment verification services. This file contained personal information for a discrete number of Googlers (and former Googlers). The actions of this unauthorised third party can be seen as [[Interrogation]] of law firms files for personal information about Google employees. | ||
| + | |||
| + | The firm’s carelessness in protecting those files against the unauthorised access is [Insecurity]]. | ||
| + | |||
| + | <h3>Breakdown</h3> | ||
| + | <b>Threat:</b> Unauthorised third party probing law firm’s files for personal informaiton<br> | ||
| + | <b>At-Risk group:</b> Current and former Google employees<br> | ||
| + | <b>Harm:</b> Interrogation<br> | ||
| + | <b>Secondary Consequences:</b> not known<br> | ||
| + | |||
| + | <b>Threat:</b>Law firm not protecting personal information from unauthorised access<br> | ||
| + | <b>At-Risk group:</b> Current and former Google employees<br> | ||
| + | <b>Harm:</b> Insecurity<br> | ||
| + | <b>Secondary Consequences:</b> not known<br> | ||
| + | |Sources=https://hotforsecurity.bitdefender.com/blog/personal-information-of-google-employees-exposed-in-data-breach-at-immigration-law-firm-24421.html | ||
}} | }} | ||
Latest revision as of 13:59, 16 November 2020
| Data Breach at Immigration Law Firm | |
|---|---|
| Short Title | Personal Information of Google Employees Compromised in Data Breach at Immigration Law Firm |
| Location | United States |
| Date | November 2020 |
| Solove Harm | Insecurity, Interrogation |
| Information | Identifying, Contact, Demographic, Professional |
| Threat Actors | Unauthorised third party, Fragomen Del Rey Bernsen and Loewy law firm |
| Individuals | |
| Affected | Current and former Google employees |
| High Risk Groups | |
| Tangible Harms | |
New York-based law firm has experienced a data breach that compromised personal information of current and former Google employees.
Description
Immigration law firm Fragomen, Del Rey, Bernsen & Loewy claimed that an unauthorised individual accessed a file containing information relating to I-9 employment information on a “limited number” of Google employees.
Form I-9 is used to verify the identity and employment authorization of individuals working in the US, and can include an employee’s name, address, date of birth, email address, phone number, Social Security number, passport number and driver’s license data.
An unauthorized third party gained access to a single file containing personal information relating to I-9 employment verification services. This file contained personal information for a discrete number of Googlers (and former Googlers). The actions of this unauthorised third party can be seen as Interrogation of law firms files for personal information about Google employees.
The firm’s carelessness in protecting those files against the unauthorised access is [Insecurity]].
Breakdown
Threat: Unauthorised third party probing law firm’s files for personal informaiton
At-Risk group: Current and former Google employees
Harm: Interrogation
Secondary Consequences: not known
Threat:Law firm not protecting personal information from unauthorised access
At-Risk group: Current and former Google employees
Harm: Insecurity
Secondary Consequences: not known