Executive Summary
- SitusAMC, a mortgage tech vendor, suffered a data breach discovered on November 12, 2025.
- Major clients including JPMorgan Chase, Citigroup, and Morgan Stanley were affected.
- Compromised data includes Social Security numbers, legal agreements, and accounting records.
- The FBI confirmed no immediate operational impact on banking services despite the data theft.
Major U.S. financial institutions, including JPMorgan Chase, Citigroup, and Morgan Stanley, have been notified of a significant data breach involving SitusAMC, a third-party technology vendor specializing in mortgage and real estate services. The New York-based firm confirmed that a cyber intrusion detected earlier this month resulted in the exfiltration of sensitive corporate records and client data.
According to a statement released by SitusAMC, the company became aware of the security incident on November 12, 2025. The investigation determined that unauthorized actors accessed systems containing accounting records, legal agreements, and potentially employee credentials. Reports indicate that the exposed data is primarily linked to residential mortgage loans and includes personally identifiable information such as Social Security numbers.
SitusAMC serves approximately 1,500 clients across the financial sector. The company disclosed that the attack did not involve encrypting malware, commonly known as ransomware, which suggests the perpetrators were focused on data theft rather than disrupting system operations. SitusAMC stated that the incident is now “fully contained.”
Federal authorities are actively investigating the breach. In a statement regarding the incident, FBI Director Kash Patel noted that while the bureau is working closely with affected organizations to assess the scope of the compromise, there has been “no operational impact to banking services” identified at this time. The affected banks have reportedly been notified individually but have declined to comment independently on the specific volume of data taken in the theft.
Operational Risk Assessment
This incident highlights the persistent vulnerabilities within the financial services supply chain, particularly among third-party vendors that handle sensitive mortgage and lending data. While the absence of ransomware indicates a lower risk of immediate operational paralysis, the exfiltration of Social Security numbers and internal legal documents poses significant long-term risks of identity theft and corporate espionage. As financial institutions increasingly rely on external fintech operators like SitusAMC, regulatory scrutiny of vendor risk management protocols is likely to intensify to prevent similar downstream exposures.
