JPMorgan Discloses Supply Chain Breach at Law Firm That Impacts Over 650 Investors
Published
Key Takeaways
- Third-Party Breach: JPMorgan Chase reported a data breach originating from a cybersecurity incident at the law firm Fried, Frank, Harris, Shriver & Jacobson LLP.
- Affected Parties: Personal information of over 650 individuals who invested in a JPMorgan private equity fund was compromised.Â
- Compromise: Exposed data includes names, contact details, account numbers, Social Security numbers, and passport or other government-issued ID numbers.
JPMorgan Chase has begun notifying investors of a data breach stemming from a third-party cybersecurity incident. The intrusion occurred not within JPMorgan's own systems, but at Fried, Frank, Harris, Shriver & Jacobson LLP, an external law firm, affecting the sensitive personal information of 659 investors.
This JPMorgan data breach highlights the significant risks associated with supply chain security, where vulnerabilities in a vendor's network can directly impact a primary institution's clients. The attack follows a similar disclosure by Goldman Sachs regarding the same incident in December 2025.
Scope of the Fried Frank Breach
According to a notification filed with the Maine Attorney General's Office, an unauthorized third party successfully accessed and copied files from a shared network drive at the law firm. This law firm cybersecurity incident has had a ripple effect across the financial sector.
For JPMorgan, the data breach has affected 659 investors in one of the bank's private equity funds. The exposed files contained a significant amount of personally identifiable information (PII), placing affected individuals at risk. The compromised investor data includes:
- Full names,Â
- Contact information,Â
- Financial account numbers,Â
- Social Security numbers,Â
- Passport and/or government identification numbers.
Cybersecurity Implications and Response
In December 2025, Goldman Sachs issued a similar warning to its investors, linking back to the same event at Fried Frank, as reported by Bloomberg. Both JPMorgan and Goldman Sachs have emphasized that their internal networks were not compromised.Â
In a statement, Fried Frank confirmed it experienced a data security incident. The firm is now facing legal action over the breach.
A data breach at the Technology vendor SitusAMC, which serves the real estate lending industry, exposed major bank client data, possibly from JPMorgan Chase, Citi, and Morgan Stanley. Compromised information includes corporate data related to some clients' dealings with the company, such as accounting documents and legal contracts.
Related
Get expert insights on threats, breaches, scams, and security trends — delivered every Saturday.
Most Popular
Get expert insights on threats, breaches, scams, and security trends — delivered every Saturday.
Most Popular