Goldman Sachs Says Third-Party Breach May Have Exposed Client Data

By  |  December 26, 2025
 | 
Goldman Sachs

The data of some Goldman Sachs clients reportedly may have been exposed due to a cybersecurity incident at one of the bank’s law firms.

    Get the Full Story

    Complete the form to unlock this article and enjoy unlimited free access to all PYMNTS content — no additional logins required.

    yesSubscribe to our daily newsletter, PYMNTS Today.

    By completing this form, you agree to receive marketing communications from PYMNTS and to the sharing of your information with our sponsor, if applicable, in accordance with our Privacy Policy and Terms and Conditions.

    Goldman Sachs alerted investors in some of its alternative investment funds that they may have been impacted by a data breach at Fried Frank Harris Schriver & Jacobson LLP, Bloomberg reported Wednesday (Dec. 24).

    In a letter to those investors, the bank said it had been told by Fried Frank that the law firm’s network was now secure, the vulnerability that led to the breach had been corrected, and any data that was exposed was “unlikely to be distributed or used improperly.”

    A spokesperson for Goldman Sachs told Bloomberg, per the report: “Goldman Sachs’ systems were not impacted by this incident and remain secure. As always, we will continue to work to safeguard our clients and their data.”

    A Fried Frank spokesperson said in the report: “We promptly acted to contain the incident and engaged industry-leading, external data security experts to assist in our response and in verifying the security of our systems and reported the matter to law enforcement.”

    PYMNTS reported Dec. 16 that cyberattacks targeting organizations’ third-party exposure are one of the common fault lines seen among the most consequential incidents of 2025.

    Advertisement: Scroll to Continue

    The PYMNTS Intelligence report “Vendors and Vulnerabilities: The Cyberattack Squeeze on Mid-Market Firms” found that attackers frequently compromise a vendor first, then use the trust relationship to infiltrate their target firm. The report found that 38% of invoice fraud cases and 43% of phishing attacks stem from compromised vendors.

    Verizon said in May that 30% of the data breaches that occurred during the year ended Oct. 31, 2024, involved a third party. That percentage was up from 15% the previous year, the firm said in its Verizon 2025 Data Breach Investigations Report.

    The report said third parties such as suppliers, vendors, hosting partners and outsourced IT support providers act as custodians to companies’ data and underpin critical parts of their operations.

    Verizon said in the report that “when you are working with a third party, you have to consider their security limitations as well as your own.”


    Recommended

    Goldman Sachs

    Goldman Sachs Says Some Client Data May Have Been Exposed in Third-Party Data Breach

    Gmail on phone with keyboard

    Google to Allow Users to Change Gmail Address Without Losing Data

    tall buildings

    Worldwide M&A Value Leapt 50% in 2025, Driven by Looser US Regulations

    supply chain management

    How CFOs Rewrote the Playbook on Supply Chain Risk This Year

    See More In: , , , , ,