Major U.S. banks, including JPMorgan Chase, Citi and Morgan Stanley, are evaluating their exposure to a cybersecurity incident at SitusAMC, a New York–based real estate financial technology firm. The company, which serves more than 1,500 clients in residential and commercial mortgage processing, revealed that it discovered the breach on November 12 and confirmed that internal corporate data—such as accounting records and legal agreements—had been accessed. It remains unclear whether the information was stolen or merely viewed.
SitusAMC also acknowledged that certain data linked to its clients’ customers may have been affected, though it stressed that no encrypting malware was involved and that the incident has been contained. The New York Times reported that sensitive mortgage-related information, including Social Security numbers and employment records, may have been exposed. JPMorgan Chase said none of its systems were directly compromised, while Citi and Morgan Stanley did not comment.
The FBI has launched an investigation into the incident. SitusAMC has notified impacted customers.
This breach highlights the rising threat of third-party cybersecurity failures. According to Verizon’s 2025 Data Breach Investigations Report, nearly 30% of all incidents stem from third-party compromises. FINRA similarly warned in late 2024 that growing dependence on external vendors significantly increases risk for financial firms.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.
