SitusAMC Cyber Breach Sparks Fallout for JPMorgan, Citi, and Morgan Stanley

A cyberattack on mortgage-processing vendor SitusAMC has big banks bracing for fallout. And the scope may be wider than anyone expected.

SitusAMC said it discovered unauthorized access to its systems on Nov. 12. The firm later confirmed that the attackers stole internal corporate data tied to some client relationships, including accounting records and legal agreements. The company also acknowledged that some information about its clients’ customers may have been affected, though the scope “remains under investigation.”

Multiple major banks, including JPMorgan Chase, Citigroup, and Morgan Stanley, were notified by SitusAMC that their data may have been compromised in the breach, according to reports from multiple outlets, including Bloomberg and CNN.

The attack has left lenders scrambling internally to determine whether customer data tied to mortgages or real estate loans was accessed. Large institutions declined to share details, underscoring the uncertainty that still surrounds the incident.

Despite the breach, SitusAMC emphasized that its platforms remain operational. The company stated, “The incident is now contained and our services are fully operational.” It also confirmed, “No encrypting malware was involved.”

Federal authorities step in

SitusAMC said “upon learning of the incident,” it immediately launched an investigation, brought in leading cybersecurity experts, and notified federal law enforcement.

In a statement shared with TechCrunch, FBI Director Kash Patel said, “While we are working closely with affected organizations and our partners to understand the extent of potential impact, we have identified no operational impact to banking services.” He added, “We remain committed to identifying those responsible and safeguarding the security of our critical infrastructure.”

Cybersecurity experts say this incident highlights the risks associated with third-party vendors. Even though large banks invest heavily in cyber defense, they still depend on smaller partners that may not have the same level of protection.

SitusAMC says it remains in “direct, regular contact” with clients and will share updates as the forensic investigation progresses.

For more on major security threats, check out our coverage of Google’s emergency Chrome update affecting over 2 billion users.

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts