NEW YORK— Goldman Sachs has alerted investors in some of its alternative investment funds that sensitive personal and financial information may have been compromised in a cybersecurity breach at one of its outside law firms, according to regulatory filings and court documents.
In a Dec. 19 letter to affected clients, Goldman Sachs said it was notified by Fried, Frank, Harris, Shriver & Jacobson LLP that a “cybersecurity incident” occurred on the law firm’s network that could have exposed data the firm holds on behalf of certain Goldman Sachs funds, according to multiple media outlets.
Goldman emphasized that its own systems were not breached and remain secure, but said it is working with Fried Frank to determine whether client information was exposed.
Class Action Suit Filed
The notice to investors came as a class action lawsuit was filed in U.S. District Court for the Southern District of New York alleging Fried Frank failed to adequately safeguard sensitive information, including Social Security numbers, addresses and banking details tied to account investments associated with Goldman-managed private equity funds, according to Bloomberg Law.
Plaintiff Andrew Sacks, an investor in a Goldman fund affected by the incident, said in the filing that he was alarmed the breach occurred at the law firm and that Fried Frank had not directly notified account holders of the possible exposure, Bloomberg Law reported. The complaint seeks damages and at least 10 years of credit monitoring for affected individuals.
Firm Issues Statement
In a statement quoted by Bloomberg Law, Fried Frank acknowledged the security incident and said it acted quickly to contain the intrusion, engaged external cybersecurity experts and reported the matter to law enforcement. The firm said its client services have continued without disruption and that the vulnerability leading to the breach has been addressed, the report added.
