SitusAMC, a New York-based third-party tech vendor serving major Wall Street banks (including JPMorgan Chase, Citi, and Morgan Stanley), suffered a cyber breach exposing sensitive corporate data, legal agreements, and **customer mortgage records**. The attack, detected on **November 12th** and contained by November 22nd, compromised accounting records and residential mortgage data tied to clients’ customers. While the vendor confirmed no operational disruption or ransomware involvement, the breach’s scope remains under investigation. Given SitusAMC’s role in managing **$13.5 trillion in US mortgages (44% of America’s GDP)**, the incident raises critical concerns about systemic risks to financial institutions and the broader economy. The FBI downplayed immediate operational impacts but highlighted the potential for long-term reputational and financial fallout across the banking sector. The breach underscores vulnerabilities in third-party supply chains, echoing recent high-profile attacks on vendors like Marks & Spencer’s contractor and Salesforce’s Gainsight platform.
Source: https://www.digit.fyi/major-banks-hit-by-vendor-cyber-attack/
TPRM report: https://www.rankiteo.com/company/situsamc
"id": "sit2192821112425",
"linkid": "situsamc",
"type": "Breach",
"date": "11/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': ['JPMorgan Chase',
'Citi',
'Morgan Stanley',
'Hundreds of other banks, '
'private equity firms, asset '
'managers, and insurance '
'companies'],
'industry': 'Real Estate Loan Processing',
'location': 'New York, USA',
'name': 'SitusAMC',
'type': 'Third-Party Tech Vendor'},
{'industry': 'Financial Services',
'location': 'USA',
'name': 'JPMorgan Chase',
'size': 'Large (Global)',
'type': 'Bank'},
{'industry': 'Financial Services',
'location': 'USA',
'name': 'Citi',
'size': 'Large (Global)',
'type': 'Bank'},
{'industry': 'Financial Services',
'location': 'USA',
'name': 'Morgan Stanley',
'size': 'Large (Global)',
'type': 'Bank'}],
'customer_advisories': ['SitusAMC letter to clients'],
'data_breach': {'data_encryption': 'No (no encrypting malware used)',
'data_exfiltration': 'Likely (under investigation)',
'personally_identifiable_information': True,
'sensitivity_of_data': 'High (includes personal and financial '
'data)',
'type_of_data_compromised': ['Corporate data',
'Client legal agreements',
'Residential mortgage data',
'Personal identifiers in loan '
'applications',
'Sensitive investment bank '
'details']},
'date_detected': '2023-11-12',
'date_publicly_disclosed': '2023-11-22',
'description': 'Major Wall Street banks, including JPMorgan Chase, Citi, and '
'Morgan Stanley, were impacted by a cyber-attack targeting '
'SitusAMC, a third-party tech vendor processing real estate '
'loans. The breach exposed sensitive customer and mortgage '
'data, as well as corporate records and legal agreements. The '
'incident was first noticed on November 12, 2023, and '
'contained by November 22, 2023. The FBI and third-party '
'security experts are investigating the scope and extent of '
'the breach, which did not involve ransomware or encrypting '
'malware. SitusAMC’s systems remain operational, but the '
'breach has raised concerns about third-party vendor security '
'in critical supply chains.',
'impact': {'brand_reputation_impact': ['Potential reputational damage to '
'SitusAMC',
'Heightened concerns about third-party '
'vendor security in financial sector'],
'data_compromised': ['Corporate accounting records',
'Legal agreements with clients',
'Residential mortgage data',
'Customers’ personal data (loan applications)',
'Sensitive details about investment banks'],
'downtime': 'None (systems fully operational)',
'identity_theft_risk': ['High (personal data in loan applications '
'exposed)'],
'operational_impact': 'None reported for banking services (per '
'FBI)',
'systems_affected': ['SitusAMC internal systems']},
'initial_access_broker': {'high_value_targets': ['Residential mortgage data',
'Investment bank legal '
'agreements']},
'investigation_status': 'Ongoing (scope, nature, and extent under '
'investigation)',
'lessons_learned': ['Heightened risks of third-party vendor breaches in '
'critical supply chains',
'Need for stricter security practices for vendors (e.g., '
'JPMorgan CISO’s statement)',
'Potential systemic risk to financial sector from '
'concentrated third-party dependencies'],
'recommendations': ['Enhance third-party vendor security assessments',
'Implement stricter contractual security requirements for '
'vendors',
'Monitor dark web for exposed data',
'Conduct regular supply chain risk audits'],
'references': [{'source': 'New York Times'},
{'date_accessed': '2023-11-22',
'source': 'SitusAMC Customer Letter'},
{'source': 'FBI Statement (via NYT)'}],
'regulatory_compliance': {'regulatory_notifications': ['FBI involved']},
'response': {'communication_strategy': ['Customer letter issued',
'Public statement',
'FBI Director’s market-calming '
'statement'],
'containment_measures': ['Systems secured (details unspecified)'],
'incident_response_plan_activated': True,
'law_enforcement_notified': ['FBI'],
'third_party_assistance': ['Security experts (unnamed)']},
'stakeholder_advisories': ['FBI Director Kash Patel’s statement to calm '
'markets'],
'title': 'Cyber-Attack on SitusAMC Affecting Major Wall Street Banks',
'type': ['Data Breach', 'Third-Party Vendor Compromise']}