US Banks Scramble After SitusAMC Data Breach

Major U.S. banking institutions, including JPMorgan Chase, Citi, and Morgan Stanley, are urgently assessing the fallout from a recent cyberattack on New York-based financial technology firm SitusAMC. The breach, confirmed by SitusAMC on November 12, involved the theft of corporate data, accounting records, and legal agreements, prompting concerns over potential customer data exposure.

SitusAMC, a key technology provider for over a thousand commercial and real estate financiers, publicly acknowledged the data breach over the weekend. The company stated that unidentified hackers had exfiltrated corporate data related to its banking customers' relationships, alongside sensitive accounting records and legal agreements.

While the full scope and nature of the cyberattack remain under investigation, SitusAMC has confirmed that the incident is now contained and its systems are fully operational. Notably, the company reported no use of encrypting malware, suggesting the attackers' primary objective was data exfiltration rather than system destruction.

According to reports from Bloomberg and CNN, SitusAMC has issued data breach notifications to several financial giants, including JPMorgan Chase, Citigroup, and Morgan Stanley. Beyond these major banks, SitusAMC's website indicates its customer base also extends to pension funds and state governments, highlighting the broad potential impact of the breach.

Though not widely known outside financial circles, firms like SitusAMC are critical intermediaries, providing essential mechanisms and technologies that enable banking and real estate clients to comply with state and federal regulations. In this capacity, SitusAMC handles vast quantities of non-public banking information, processing billions of loan-related documents annually.

The exact volume of data stolen and the number of U.S. banking consumers potentially affected by the breach remain undisclosed. When contacted for comment, Citi spokesperson Patricia Tuma declined to provide details, including whether the bank had received any communication or demands from the hackers. Representatives for JPMorgan Chase and Morgan Stanley, along with SitusAMC chief executive Michael Franco, did not immediately respond to requests for comment.

The Federal Bureau of Investigation (FBI) has launched an investigation into the SitusAMC breach. An FBI spokesperson did not respond to inquiries made outside of U.S. business hours.