In a notice to California’s Attorney General, law firm Fragomen, Del Rey, Bernsen & Loewy has confirmed of a a data breach of employees at Google containing their personal information. The personal data stolen was stored as part of Fragomen’s I-9 employment verification services for Google.

The notice read, “We, Fragomen, Del Rey, Bernsen & Loewy, LLP (Fragomen) provide I-9 employment verification compliance services to Google. We are writing to inform you of an incident impacting a limited number of Googlers (and former Googlers) in which an unauthorized third party accessed a file containing your information. This notice explains the incident, our ongoing investigation and what we are doing in response.”

Fragomen claims that it recently discovered the incident on its computer network. The law firm noticed that an unauthorized third-party retrieved a single file that contained personal information relating to I-9 employment verification services. An I-9 employment verification form requires documents like U.S. Passport, Permanent Resident Card, Driver’s License, Voter registration card, etc. This information is very sensitive and prone to data theft and hacking. Fragomen says the file had only a few current and former Google employees’ personal information stored in it.

As of now, Fragomen is conducting an investigation into the matter to measure the actual size of the breach. The company has contacted a digital forensic investigation firm to help in the investigation. The company said, ” While we have no evidence at this point in time that your information has been viewed, we wanted to notify you of this incident and assure you that we take it very seriously. We have taken steps in response to this incident, including implementing enhancements to our IT Security infrastructure and detection capabilities.”

While the investigations are underway, Fragomen has offered complimentary identity theft protection and credit monitoring services to all Google employees who have been affected by the data breach. The data protection package includes 12 months of credit and CyberScan monitoring, a $1,000,000 insurance reimbursement policy, and fully managed ID theft recovery services.