Goldman Sachs alternative investment fund clients exposed in third party law firm breach

Goldman Sachs Asset Management has notified investors in its alternative investment funds about a cybersecurity incident at Fried Frank Harris Shriver & Jacobson LLP, a law firm serving as external counsel to many of Goldman's alternatives funds. 

In a letter dated December 19, 2025, Goldman informed affected clients that the law firm had experienced a security breach that may have exposed sensitive investor data. Goldman claims that its own systems are secure and were not impacted by the incident.

ried Frank acknowledged the incident in a statement, confirming that the firm contained the breach and engaged external data security experts to assist in response efforts and verify system security. The law firm reported the matter to law enforcement. 

The types of exposed data and number of affected individuals is not disclosed. 

The incident quickly resulted in legal action when Andrew Sacks, an investor in Goldman's Petershill Private Equity Seeding II Offshore Fund, filed a proposed class action lawsuit against Fried Frank on December 24, 2025, just five days after Goldman's initial notification. The complaint, filed in the Southern District of New York under case number 1:25-cv-10693, alleges that the law firm failed to adequately safeguard sensitive personal information and brings claims for negligence, breach of implied contract, breach of fiduciary duty, and unjust enrichment. The plaintiff seeks to represent a class of all persons whose data was compromised as a result of the breach and who were notified on or after December 19, 2025. The lawsuit demands damages and requires Fried Frank to provide at least 10 years of credit monitoring services for affected individuals.