What's Happening?
Goldman Sachs has issued a notice to its clients regarding a cybersecurity incident involving Fried, Frank, Harris, Shriver & Jacobson LLP, a law firm that serves as external counsel for the bank's alternative
investment funds. The incident, which was disclosed in a letter dated December 19, 2025, did not impact Goldman Sachs's own systems, which remain secure. The bank is collaborating with Fried Frank to assess whether any client data was exposed. Fried Frank has assured Goldman Sachs that the data is unlikely to be misused, and an independent forensics firm has confirmed that the vulnerabilities have been addressed. Goldman Sachs is conducting its own review of Fried Frank's security measures to ensure the issue has been fully resolved.
Why It's Important?
This incident underscores the vulnerabilities that financial institutions face through their third-party service providers. While Goldman Sachs's systems were not directly compromised, the potential exposure of client data could have significant implications for client trust and the bank's reputation. The financial industry is highly sensitive to cybersecurity threats, and breaches can lead to regulatory scrutiny, financial losses, and damage to client relationships. This event highlights the importance of robust cybersecurity practices and the need for financial institutions to ensure that their partners and service providers adhere to stringent security standards.
What's Next?
Goldman Sachs will continue to work with Fried Frank to determine the full extent of the data exposure and will provide updates to affected clients as more information becomes available. The bank is also conducting its own assessment of Fried Frank's security controls to independently verify the remediation efforts. Clients are advised to remain vigilant and report any suspicious activity to their Goldman Sachs representative. The incident may prompt other financial institutions to review their own third-party risk management practices and strengthen their cybersecurity protocols.
