Fried Frank Law Firm Suffers Data Breach Affecting 46,000 Individuals Pittsburgh, PA – On February 2, 2026, Fried Frank Harris Shriver & Jacobson LLP, a prominent law firm with offices in New York and Washington, D.C., disclosed a cybersecurity incident that compromised the personal information of over 46,000 individuals. The breach involved unauthorized access to the firm’s network, potentially exposing personally identifiable information (PII). Lynch Carpenter LLP, a national class action law firm, has initiated an investigation into the incident, citing potential legal claims for affected individuals. The firm, which specializes in data privacy litigation, has represented millions of clients in similar cases over the past decade. Fried Frank has not yet provided further details on the scope of the exposed data or the timeline of the breach. The incident underscores ongoing risks to sensitive information held by legal and professional services firms.

Fried Frank Law Firm Faces Class Action Over Data Breach Exposing Goldman Sachs Investors’ Sensitive Information A class action lawsuit filed on December 24, 2025, in the U.S. District Court for the Southern District of New York alleges that international law firm Fried, Frank, Harris, Shriver & Jacobson LLP failed to protect the personal data of investors in a Goldman Sachs private equity fund. The complaint, brought by plaintiff Andrew Sacks, claims the firm’s security lapse exposed sensitive information, including Social Security numbers, addresses, and banking details, without notifying affected individuals or offering credit monitoring. Goldman Sachs Asset Management LP confirmed the breach on December 19, notifying account holders of the incident at Fried Frank. However, Sacks—an investor in the Petershill Private Equity Seeding II Offshore Fund—stated he was never directly informed by the law firm, only learning of the breach through Goldman. He argues that had he known of Fried Frank’s inadequate security, he would not have entrusted his data to the firm. Fried Frank acknowledged the incident in a statement, noting it took immediate action to contain the breach, engaged external cybersecurity experts, and reported the matter to law enforcement. The firm maintained that its client services remained uninterrupted. The lawsuit seeks damages and a court order requiring Fried Frank to cover at least 10 years of credit monitoring for affected individuals, citing the long-term risks of identity theft. Claims include negligence, breach of implied contract, breach of fiduciary duty, and unjust enrichment. The case, Sacks v. Fried, Frank, Harris, Shriver & Jacobson LLP (No. 1:25-cv-10693), represents all individuals notified of the breach on or after December 19.

Fried Frank Data Breach Exposes PII of 659 JPMorgan Clients A data breach at law firm Fried, Frank, Harris, Shriver & Jacobson LLP has compromised the personal information of 659 JPMorgan Chase clients, including investors and associated individuals. The incident stemmed from a compromised user account that allowed an unauthorized third party to access and copy files from a shared network drive. The breach was discovered on October 27, 2025, with JPMorgan Chase notified on December 9, 2025. Exposed data included names, account numbers, Social Security numbers, passport numbers, government IDs, and contact details. Affected individuals spanned multiple states, with 37 in Massachusetts, two in New Hampshire, and one in Maine. Regulatory disclosures were filed with the Maine Attorney General, Massachusetts Office of Consumer Affairs and Business Regulation, and New Hampshire Attorney General on January 12, 2026. In response, JPMorgan Chase and Fried Frank conducted a joint review to assess the breach’s scope and bolster security measures. While JPMorgan’s systems remained uncompromised, the firm is offering affected clients two years of free credit monitoring through Experian IdentityWorks, including daily credit monitoring, identity theft resolution, and $1 million in insurance coverage. The incident highlights vulnerabilities in third-party legal service providers handling sensitive financial data.