Hack of SitusAMC Puts Data of Financial Services Firms at Risk
None
<p>SitusAMC, which offers a range of real estate loan and mortgage services to high-profile financial institutions like JPMorgan Chase, Citi, and Morgan Stanley, is notifying some organizations that a large-scale data breach detected earlier this month may have exposed the data of clients and their customers.</p><p>In a <a href="https://www.situsamc.com/databreach" target="_blank" rel="noopener">notice</a> published over the weekend, SitusAMC executives gave high-level outlines of the attack, but few details on the extent or what data may have been taken. They wrote that the breach was detected November 12 and, over the following 10 days, launched an investigation with the help of “leading experts,” notified law enforcement agencies, and begun hardening their systems.</p><p>In the note and a letter to affected companies, SitusAMC wrote that “corporate data associated with certain of our clients’ relationship with SitusAMC such as accounting records and legal agreements has been impacted. Certain data relating to some of our clients’ customers may also have been impacted. The scope, nature and extent of such impact remains under investigation by the Company and its third-party advisors.”</p><p>With this attack, SitusAMC becomes the latest example of the increasing instances of third-party service providers, including in the financial services field, being targeted by threat actors that aim to get to leverage such breaches to access their customers’ networks.</p><h3>Big-Name Banking Firms ‘Scrambling’</h3><p>The New York Times reported that the more than 100 organizations that use SitusAMC’s services for a range of tasks – from real estate loan origination and assessing the risks of such loans to supporting the lifecycle of loans and evaluating real estate debt and equity – are “<a href="https://www.nytimes.com/2025/11/22/business/bank-data-hack.html" target="_blank" rel="noopener">scrambling</a>” to gauge the fallout from the data breach.</p><p>Citing five unnamed sources briefed on the hack, the news organization said JPMorgan Chase, Citi, and Morgan Stanley are three of the companies that were alerted by SitusAMC that their client data may have been stolen.</p><p>SitusAMC, which has about 5,000 employees, wrote in the notice that “the incident is now contained and our services are fully operational. No encrypting malware was involved.”</p><p>According to the NYT, FBI Director Kash Patel said in a statement that the agency is “working closely with affected organizations and our partners to understand the extent of potential impact,” adding that “we have identified no operational impact to banking services.”</p><h3>Growing Third-Party Risks</h3><p>The financial sector is becoming an attractive target for hackers and other bad actors. Verizon, in its annual <a href="https://www.verizon.com/business/resources/reports/dbir/" target="_blank" rel="noopener">Data Breach Investigations Report</a>, found that 30% of breaches in all industries involve third parties.</p><p>SecurityScorecard researchers noted that, with the high-value data financial institutions store and their critical position in the global economy, they’re becoming a growing target for cyberattacks. In their <a href="https://securityscorecard.com/resource/global-third-party-breach-report/" target="_blank" rel="noopener">2025 Global Third Party Breach Report</a>, financial services is fourth on the list of industries breached via third parties.</p><p>“From multinational banks to fintech startups, attackers exploit third-party vulnerabilities, unpatched infrastructure, and cloud misconfigurations to infiltrate financial networks,” they wrote in June, adding that their research found that <a href="https://securityscorecard.com/company/press/securityscorecard-threat-intel-report-97-of-leading-u-s-banks-impacted-by-third-party-data-breaches-in-2024/" target="_blank" rel="noopener">third-party data breaches</a> have affected 97% of the top 100 banks in the United Sates. “That scale of exposure signals a pressing need for stronger third-party oversight and continuous monitoring.”</p><p>For <a href="https://securityscorecard.com/research/defending-the-financial-supply-chain/" target="_blank" rel="noopener">fintech companies</a>, 41.8% of breaches originate from third parties.</p><p>“Some of the most damaging attacks in the financial sector typically stem from preventable failures such as missed patches, unmonitored vendor access, or unclear response plans,” the researchers wrote. “These aren’t just technical failures – they’re leadership and process failures.”</p><h3>The Rise in Use of Third-Party Services</h3><p>Agnidipta Sarkar, chief evangelist at security firm ColorTokens, told Security Boulevard that there’s been a sharp increase in Wall Street firms relying on third-party services apps and vendors, “with many banks offloading core processes, such as mortgage servicing, analytics, compliance, and even payment processing, to specialized technology providers.”</p><p>SitusAMC is among those service providers.</p><p>“The breach should be of significant concern to firms on Wall Street because of interconnectedness of data flows,” Sarkar said. “Typically, accounting records and legal agreements contain system architecture diagrams, data-sharing clauses, SLAs, or references to internal tools, which could be goldmines for attackers planning follow-on intrusions. If credentials are stolen, then there is potential of lateral movement at each of the firms who use the app, unless they have adequately designed micro-segmentation or if they use cryptographic passwordless credentials tied to associated hardware.”</p><p>The ripple effects also could roll over investors if their credentials are stolen and lead to regulatory scrutiny.</p><h3>AI Makes Such Attacks Easier to Scale</h3><p>AI is now playing a larger role in third-party breaches in all industries, said Dave Tyson, chief intelligence officer at risk intelligence company iCOUNTER told Security Boulevard. Third parties have always been attractive targets, but the amount of information needed – from deep knowledge of internal systems to executive profiles to IT infrastructure – made them difficult to pull off.</p><p>“Now, AI is making this level of targeting available to a much broader class of threat actors who can profile, conduct reconnaissance, and launch a sophisticated, cost-effective targeted attack with precision and speed,” Tyson said. “What was once limited by manual capacity and expertise is now able to be delivered as a commodity ranked by likelihood of successful compromise, maintaining anonymity, and value of the breach.”</p><p>Now that AI allows bad actors to more easily scale their attacks, “defenders [must] rethink their approach to protecting their attack surface, and to consider their entire connected ecosystem of third parties and supply chain in their monitoring or active compromises.”</p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2025/11/hack-of-situsamc-puts-data-of-financial-services-firms-at-risk/" data-a2a-title="Hack of SitusAMC Puts Data of Financial Services Firms at Risk"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F11%2Fhack-of-situsamc-puts-data-of-financial-services-firms-at-risk%2F&linkname=Hack%20of%20SitusAMC%20Puts%20Data%20of%20Financial%20Services%20Firms%20at%20Risk" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F11%2Fhack-of-situsamc-puts-data-of-financial-services-firms-at-risk%2F&linkname=Hack%20of%20SitusAMC%20Puts%20Data%20of%20Financial%20Services%20Firms%20at%20Risk" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F11%2Fhack-of-situsamc-puts-data-of-financial-services-firms-at-risk%2F&linkname=Hack%20of%20SitusAMC%20Puts%20Data%20of%20Financial%20Services%20Firms%20at%20Risk" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F11%2Fhack-of-situsamc-puts-data-of-financial-services-firms-at-risk%2F&linkname=Hack%20of%20SitusAMC%20Puts%20Data%20of%20Financial%20Services%20Firms%20at%20Risk" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F11%2Fhack-of-situsamc-puts-data-of-financial-services-firms-at-risk%2F&linkname=Hack%20of%20SitusAMC%20Puts%20Data%20of%20Financial%20Services%20Firms%20at%20Risk" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div>