securityweek.com
By Eduard Kovacs| January 13, 2026 (12:09 PM ET)
The law firm Fried Frank seems to be informing high-profile clients about a recent data security incident.
PMorgan Chase is informing some investors about a data breach stemming from a recent cybersecurity incident at an outside law firm. The same incident triggered a similar data breach notice from Goldman Sachs in December 2025.
The Maine Attorney General’s Office requires companies that have suffered a data breach impacting the state’s residents to submit a report and a copy of the notification letter sent to affected individuals.
JPMorgan Chase submitted such a notification to the Maine AGO on Tuesday, revealing that investors in a private equity fund have been impacted by a data breach linked to an incident at the law firm Fried, Frank, Harris, Shriver & Jacobson LLP.
The notification letters reveal that an “unauthorized third party” copied files from a Fried Frank shared network drive. Some of the files contained the personal information of individuals who invested in the JPMorgan fund.
The compromised information includes names, contact information, account numbers, SSNs, and passport or other government ID numbers.
JPMorgan told the Maine AGO that a total of 659 individuals are affected by the data breach.
The banking giant’s disclosure mirrors a similar warning issued by Goldman Sachs in late 2025.
According to Goldman’s notification to impacted investors, Fried Frank told the company that “based on the steps it has taken to date, it believes that any data exposed in the incident is unlikely to be distributed or used improperly”.
Both Wall Street titans highlighted that their own systems were not compromised.
Fried Frank is facing lawsuits over the data breach.
It’s unclear who is behind the intrusion. SecurityWeek has not seen any ransomware group taking credit for an attack on Fried Frank. If it was indeed a ransomware attack, the law firm may have paid a ransom, which would be consistent with its statement about the unlikely abuse of the data.
SecurityWeek has reached out to Fried Frank for additional information and will update this article if the company responds.
