Fried Frank Data Breach Exposes PII of 659 JPMorgan Clients
A data breach at law firm Fried, Frank, Harris, Shriver & Jacobson LLP has compromised the personal information of 659 JPMorgan Chase clients, including investors and associated individuals. The incident stemmed from a compromised user account that allowed an unauthorized third party to access and copy files from a shared network drive.
The breach was discovered on October 27, 2025, with JPMorgan Chase notified on December 9, 2025. Exposed data included names, account numbers, Social Security numbers, passport numbers, government IDs, and contact details. Affected individuals spanned multiple states, with 37 in Massachusetts, two in New Hampshire, and one in Maine.
Regulatory disclosures were filed with the Maine Attorney General, Massachusetts Office of Consumer Affairs and Business Regulation, and New Hampshire Attorney General on January 12, 2026.
In response, JPMorgan Chase and Fried Frank conducted a joint review to assess the breach’s scope and bolster security measures. While JPMorgan’s systems remained uncompromised, the firm is offering affected clients two years of free credit monitoring through Experian IdentityWorks, including daily credit monitoring, identity theft resolution, and $1 million in insurance coverage.
The incident highlights vulnerabilities in third-party legal service providers handling sensitive financial data.
Source: https://www.claimdepot.com/data-breach/fried-frank-2026
JPMorganChase cybersecurity rating report: https://www.rankiteo.com/company/jpmorganchase
Fried Frank cybersecurity rating report: https://www.rankiteo.com/company/friedfrank
"id": "JPMFRI1768878048",
"linkid": "jpmorganchase, friedfrank",
"type": "Breach",
"date": "10/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '659 JPMorgan Chase clients',
'industry': 'Legal Services',
'location': 'United States',
'name': 'Fried, Frank, Harris, Shriver & Jacobson LLP',
'type': 'Law Firm'},
{'customers_affected': '659 clients',
'industry': 'Banking',
'location': 'United States',
'name': 'JPMorgan Chase',
'type': 'Financial Institution'}],
'attack_vector': 'Compromised User Account',
'customer_advisories': 'Offering two years of free credit monitoring through '
'Experian IdentityWorks, including daily credit '
'monitoring, identity theft resolution, and $1 million '
'in insurance coverage',
'data_breach': {'data_exfiltration': 'Yes',
'number_of_records_exposed': '659',
'personally_identifiable_information': 'Names, account '
'numbers, Social '
'Security numbers, '
'passport numbers, '
'government IDs, '
'contact details',
'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Personally Identifiable '
'Information (PII)'},
'date_detected': '2025-10-27',
'date_publicly_disclosed': '2026-01-12',
'description': 'A data breach at law firm Fried, Frank, Harris, Shriver & '
'Jacobson LLP has compromised the personal information of 659 '
'JPMorgan Chase clients, including investors and associated '
'individuals. The incident stemmed from a compromised user '
'account that allowed an unauthorized third party to access '
'and copy files from a shared network drive.',
'impact': {'brand_reputation_impact': 'High',
'data_compromised': 'Names, account numbers, Social Security '
'numbers, passport numbers, government IDs, '
'and contact details',
'identity_theft_risk': 'High',
'systems_affected': 'Shared network drive'},
'initial_access_broker': {'entry_point': 'Compromised user account'},
'lessons_learned': 'Highlights vulnerabilities in third-party legal service '
'providers handling sensitive financial data',
'post_incident_analysis': {'corrective_actions': 'Joint review to bolster '
'security measures',
'root_causes': 'Compromised user account leading '
'to unauthorized access to shared '
'network drive'},
'references': [{'source': 'Regulatory filings'}],
'regulatory_compliance': {'regulatory_notifications': ['Maine Attorney '
'General',
'Massachusetts Office '
'of Consumer Affairs '
'and Business '
'Regulation',
'New Hampshire '
'Attorney General']},
'response': {'communication_strategy': 'Regulatory disclosures filed with '
'Maine, Massachusetts, and New '
'Hampshire authorities',
'recovery_measures': 'Offering two years of free credit '
'monitoring through Experian IdentityWorks',
'remediation_measures': 'Joint review to assess breach scope and '
'bolster security measures'},
'title': 'Fried Frank Data Breach Exposes PII of 659 JPMorgan Clients',
'type': 'Data Breach',
'vulnerability_exploited': 'Unauthorized access to shared network drive'}