Mortgage Data Breach Hits JPMorgan, Citi and Morgan Stanley After Large-Scale Vendor Cyberattack
The data reportedly includes internal contracts, accounting and legal documents, and potentially mortgage application details.
Wall Street was on high alert this weekend as a massive cyberattack on SitusAMC, a major technology vendor for real estate lenders, triggered fears that sensitive mortgage and customer data from some of America's biggest banks may have been exposed.
The breach, confirmed by the company on Saturday, involved a cyberattack on 12 November, and the firm has spent nearly two weeks assessing exactly what information hackers accessed.
SitusAMC works with hundreds of banks and lenders across the United States, performing critical tasks such as mortgage origination, servicing and payment collection. Because of this, the fallout could be significant.
JPMorgan, Citi and Morgan Stanley Warned of Potential Exposure
According to sources close to the investigation, JPMorgan Chase, Citigroup and Morgan Stanley are among the banks notified by SitusAMC that their client data may have been part of the breach.
The firm has confirmed that the compromised information is connected to residential mortgage loans, raising concerns about the potential exposure of personal financial details belonging to borrowers.
SitusAMC said it acted immediately after discovering the cyberattack and has been working with third-party forensic experts and federal authorities. The company also said its systems have been stabilised and insisted that the investigation is ongoing.
The banks themselves have not offered detailed public statements, but insiders say the scale of the incident has triggered urgent internal reviews across the financial sector.
FBI Takes Lead in Investigating the Hack
The Federal Bureau of Investigation has taken charge of the probe, and officials confirmed that they are examining how the hackers gained access and what information they may have extracted.
FBI Director Kashyap Patel said the bureau is working closely with affected institutions but added that investigators have so far found no operational disruption to the banking system.
Patel noted that the bureau would not provide further specifics while evidence is still being analysed.
Why This Breach Has Wall Street Worried
Cybersecurity analysts warn that the attack highlights a much bigger problem in the US financial system. Banks increasingly rely on a small number of powerful third-party vendors to process loans, manage data and support regulatory compliance. When one of these vendors is compromised, the impact can spread across the industry.
A recent study by SecurityScorecard found that 97% of the top 100 US banks suffered at least one third-party data breach in the past year, underscoring how fragile the ecosystem has become.
The Office of the Comptroller of the Currency (OCC) has repeatedly warned that this heavy dependence on external service providers creates systemic risk, particularly in areas like real estate finance where firms such as SitusAMC provide essential behind-the-scenes infrastructure.
As federal investigators continue their work, regulators and financial institutions are now racing to determine whether this latest breach could expose consumer identities, loan files, or sensitive lender information and whether additional cyber safeguards are urgently needed.
© Copyright IBTimes 2025. All rights reserved.
- MOST POPULAR IN Finance & Banking
