Real-estate lending and investing solutions provider SitusAMC over the weekend disclosed a data breach impacting some of the largest banks and financial institutions in the United States.
The incident occurred on November 12 and resulted in a threat actor accessing certain information from SitusAMC’s systems, the New York-based firm said in a Saturday notice.
“Corporate data associated with certain of our clients’ relationship with SitusAMC such as accounting records and legal agreements has been impacted. Certain data relating to some of our clients’ customers may also have been impacted,” the company said.
SitusAMC said it has been investigating the attack in collaboration with law enforcement and security experts, and implemented measures to contain the incident, including resetting credentials, disabling remote access tools, and updating firewall rules.
“The incident is now contained and our services are fully operational. No encrypting malware was involved,” SitusAMC said.
The company noted that it has yet to determine the services and products that were affected, as well as scope, nature, and extent of the incident. It’s also unclear who is behind the attack.
“While we are working closely with affected organizations and our partners to understand the extent of potential impact, we have identified no operational impact to banking services,” FBI Director Kash Patel said in a statement to the media.
While SitusAMC did not name the customers that might have been affected, The New York Times reported that JPMorgan Chase, Citi, and Morgan Stanley are among the affected entities.
SitusAMC provides technology solutions to over a thousand financial institutions, including banks, real estate companies, mortgage lenders, pension funds, and governmental agencies. It handles billions of loan documents annually, helping its clients comply with rules and regulations.
“The breach illustrates how attackers are shifting toward quietly extracting sensitive information instead of causing immediate disruption. That change in tactics makes detection harder and raises the stakes for organizations that depend on vendor‑managed data,” SecurityScorecard CISO Steve Cobb said.
“This shows why banks, and their suppliers, must elevate vendor risk management to the same level as internal security. Every partner that touches nonpublic data is a potential exposure point. Organizations need continuous visibility into the health of their vendor ecosystem along with real time validation that partner controls are functioning,” Cobb added.
Vorlon co-founder and CEO Amir Khayat commented, “Rank every third party by the damage it could cause, not by contract size. Hold your vendors to the same patching deadlines and credential hygiene you enforce internally. Most importantly, deploy continuous behavioral monitoring at the data layer so you can cut a vendor’s tokens the moment its API calls drift from the norm.”
Related: Spanish Airline Iberia Notifies Customers of Data Breach
Related: 146,000 Impacted by Delta Dental of Virginia Data Breach
Related: CrowdStrike Insider Helped Hackers Falsely Claim System Breach
Related: Salesforce Instances Hacked via Gainsight Integrations
