SitusAMC, a provider of loans and mortgage services to major US banks (including JPMorgan Chase and Citigroup), suffered a cyber attack in November 2025. The breach compromised **corporate data** (accounting records, legal agreements) and **customer-related data** linked to its banking clients. The incident exposed vulnerabilities in third-party supplier security, highlighting risks in the interconnected financial services ecosystem. The FBI was notified, and SitusAMC conducted keyword searches to identify impacted client data. The attack underscores a shift in cybercriminal tactics—prioritizing **stealthy data exfiltration** over immediate disruption—while emphasizing the critical need for robust vendor risk management. The breach’s ripple effect threatens financial institutions’ operational resilience, with potential long-term reputational and financial consequences for both SitusAMC and its banking partners.
SitusAMC cybersecurity rating report: https://www.rankiteo.com/company/situsamc
{
  "id": "SIT3233032112625",
  "linkid": "situsamc",
  "type": "Cyber Attack",
  "date": "11/2025",
  "severity": "85",
  "impact": "4",
  "explanation": "Attack with significant impact with customers data leaks"
}
{'affected_entities': [{'customers_affected': "Clients' customers (scope under investigation)",
                        'industry': 'Financial Services (Loan/Mortgage Technology)',
                        'location': 'United States',
                        'name': 'SitusAMC',
                        'type': 'Fintech Service Provider'},
                       {'industry': 'Financial Services',
                        'location': 'United States',
                        'name': 'JPMorgan Chase',
                        'type': 'Bank'},
                       {'industry': 'Financial Services',
                        'location': 'United States',
                        'name': 'Citigroup',
                        'type': 'Bank'}],
 'data_breach': {'data_exfiltration': True,
                 'personally_identifiable_information': 'Possible (not explicitly confirmed)',
                 'sensitivity_of_data': 'High (financial/legal documents)',
                 'type_of_data_compromised': ['Corporate Data (Accounting Records, Legal Agreements)',
                                              "Clients' Customer Data"]},
 'date_detected': '2025-11-12',
 'date_publicly_disclosed': '2025-11-22',
 'description': "SitusAMC, a tech supplier providing loans and mortgage services to US banks (including JPMorgan Chase and Citigroup), suffered a cyber attack resulting in the compromise of 'certain information' from its systems. Corporate data such as accounting records and legal agreements, as well as some clients' customer data, were impacted. The breach highlights risks in the financial sector's growing reliance on third-party fintech partners. The FBI was notified, and SitusAMC is conducting keyword searches to identify affected clients.",
 'impact': {'brand_reputation_impact': 'Potential reputational damage to SitusAMC and affected banks (e.g., JPMorgan Chase, Citigroup)',
            'data_compromised': ['Accounting Records',
                                 'Legal Agreements',
                                 "Clients' Customer Data"],
            'identity_theft_risk': 'Possible (if customer data included PII)',
            'operational_impact': 'Ongoing data review and keyword searches to identify impacted clients'},
 'initial_access_broker': {'high_value_targets': ['Loan/Mortgage Documents',
                                                  'Accounting Records',
                                                  'Legal Agreements']},
 'investigation_status': 'Ongoing (data review phase with keyword searches)',
 'lessons_learned': ['Third-party fintech partners introduce significant risk to financial institutions, with 96% of EU financial firms affected by third-party breaches (per SecurityScorecard).',
                     'Attackers are shifting toward quiet data extraction over disruptive attacks, complicating detection.',
                     'Continuous visibility into vendor ecosystems and real-time validation of partner controls are critical.'],
 'motivation': ['Data Theft', 'Espionage'],
 'ransomware': {'data_exfiltration': True},
 'recommendations': ['Financial institutions must elevate partner risk management to the level of internal security.',
                     "Implement continuous monitoring of third/fourth-party vendors (as mandated by regulations like the EU's Digital Operational Resilience Act).",
                     'Assume all non-public data shared with partners is a potential exposure point.'],
 'references': [{'source': 'SecurityScorecard Research (2025)'},
                {'source': 'SitusAMC Public Statements (2025-11-22, 2025-11-25)'},
                {'source': 'EU Digital Operational Resilience Act (DORA)'}],
 'regulatory_compliance': {'regulatory_notifications': ['FBI notified']},
 'response': {'communication_strategy': 'Public statements on 2025-11-22 and 2025-11-25',
              'incident_response_plan_activated': True,
              'law_enforcement_notified': True,
              'remediation_measures': 'Data review process with keyword searches to identify impacted clients'},
 'title': "SitusAMC Cyber Attack Exposes US Banks' Loan and Mortgage Data",
 'type': ['Data Breach', 'Third-Party Breach']}