Real-estate technology and services provider SitusAMC has confirmed a cyber incident that exposed sensitive corporate information connected to several major U.S. banks and financial institutions. The company disclosed the breach over the weekend, noting that the intrusion occurred on November 12 and involved unauthorized access to internal data systems.
According to the New York-based firm, the attackers obtained corporate records, including accounting documents and legal agreements linked to clients. In some cases, data belonging to customers of those financial institutions may also have been accessed. SitusAMC emphasized that the incident did not involve file-encrypting ransomware.
The organization says it immediately launched an investigation in coordination with cybersecurity specialists and law enforcement agencies. In response to the breach, SitusAMC implemented containment measures such as resetting credentials, shutting down remote access tools, and updating firewall configurations. The company reports that operations have since returned to normal.
While the inquiry into the scope and nature of the breach remains ongoing, the identity and motive of the threat actor have not yet been determined. Officials also noted that it is still unclear which specific products or services were affected.
In a statement to the media, FBI Director Kash Patel said there has been no operational disruption to banking services, adding that federal authorities are working closely with impacted organizations to assess potential risks.
Although SitusAMC did not identify its affected clients, outside reporting indicates that major institutions—including JPMorgan Chase, Citi, and Morgan Stanley—are among those evaluating possible exposure.
SitusAMC provides technology and compliance solutions to more than a thousand financial organizations, supporting banks, mortgage lenders, real estate firms, pension funds, and government entities. The company processes billions of loan documents annually, making it a critical third-party partner across the financial sector.
Security experts say the breach underscores a broader shift in cybercriminal tactics.
“Attackers are increasingly focusing on quietly extracting sensitive data rather than causing immediate operational damage,” said Steve Cobb, CISO at SecurityScorecard. He warned that this trend complicates detection and elevates the risks tied to third-party service providers.
Amir Khayat, CEO and co-founder of Vorlon, noted that organizations must prioritize stronger oversight of external partners:
“Rank every third party by the potential damage it could cause, not by contract value. Hold vendors to the same security standards you require internally, and monitor behavior at the data layer so anomalies are caught immediately.”
As the investigation continues, financial institutions are reviewing their vendor-risk strategies and assessing whether additional safeguards are needed to protect the sensitive data entrusted to key service providers.
