A cyberattack on real estate finance and mortgage technology provider SitusAMC has raised serious questions about third-party data exposure in financial services, after the company confirmed that attackers accessed confidential information linked to several major banking clients. The incident, discovered after an intrusion on November 12, involved unauthorized access to internal systems and the exfiltration of corporate records. Subsequent reporting suggests that data connected to customers of JPMorgan Chase, Citigroup, and Morgan Stanley may have been exposed.
SitusAMC plays a critical role in the mortgage industry, offering technology and services that support loan origination, servicing, securitization, and analytics. Its position gives it access to highly sensitive information, including mortgage documentation, income records, and legal contracts. According to the company, attackers accessed corporate information connected to client relationships, and some customer data may have been impacted, though the full scope remains under review.
Unlike many recent attacks on financial suppliers, there is no indication that ransomware or destructive tooling was deployed. SitusAMC has stated that systems remain operational, the intrusion has been contained, and law enforcement is involved. Affected banks are conducting their own assessments to determine which data attributes were exposed and what remediation or notification steps may be required.
More Info