Wall Street Banks' Customer Data Stolen
Wall Street, New York, United States. Lo Lo/Unsplash

SitusAMC, a technology firm that supports major real‑estate finance operations for leading Wall Street banks, has disclosed a serious data breach.

The company revealed it first detected unauthorised access on 12 November 2025, and only went public on 22 November 2025 with the fallout. Sensitive client and customer data appear to have been stolen — affecting some of the biggest US banks.

The incident has prompted a scramble to assess the damage, as the breach was attributed to a supply‑chain weakness.

READ MORE: Qantas Data Breach 2025: How To Know If Your Data Was Exposed — Steps To Protect Yourself

READ MORE: Discord Data Breach 2025: Around 70,000 ID Photos Leaked in Massive Cyberattack — What Should You Do?

Wall Street Banks' Customer Data Stolen

Customer data from JPMorgan Chase, Citi and Morgan Stanley may have been compromised. These banks use SitusAMC for mortgage servicing, real‑estate loan payments and legal documentation. The vendor has up to 1,500 clients, amplifying the potential reach of the breach.

SitusAMC confirmed that hackers were able to access accounting records, corporate legal contracts, and other documentation tied to client relationships. The company also acknowledged that some customer-level data may be impacted, such as personally identifiable information, mortgage and real-estate loan data — though the exact scale remains unclear.

Analysts warn that such data could fuel identity theft or fraud if misused.

SitusAMC Data Breach Contained

Via its official press release, SitusAMC says it has taken swift action to contain the breach. According to its public statement, the incident is now under control and its services are fully operational again.

The company launched a full internal investigation with leading cybersecurity experts and notified federal law enforcement. Technical measures included credential resets, disabling remote-access tools, updating firewall rules, and strengthening security settings.

In a letter to clients, SitusAMC said it remains in direct, regular contact with its customers. It pledged to keep analysing potentially affected data and provide updates as the probe continues.

Hackers Behind Data Breach Still Unknown

Authorities haven't identified yet the hackers who carried out the attack. SitusAMC is still trying to identify whether the culprit was a criminal group, a lone actor, or a state-sponsored operation. The firm said the 'scope, nature and extent' of the damage is still being investigated.

Meanwhile, the FBI is investigating. According to its director, Kash Patel, authorities are working with affected organisations.

'While we are working closely with affected organizations and our partners to understand the extent of potential impact, we have identified no operational impact to banking services', stated Patel.

He added they have so far found no operational impact to banking services.

Should Bank Customers Worry?

This breach raises fresh concerns about the vulnerability of third-party vendors deeply integrated into major banks. Because SitusAMC handles critical mortgage and legal operations, exposure of its systems puts many institutions at risk.

SitusAMC, however, has sought to reassure clients. It emphasised that no encrypting malware was used. The company said it is monitoring systems continuously, analysing potential data impact, and taking further action to secure its network.

As investigations progress, affected banks are evaluating exactly which customers were exposed. For now, the firm insists it takes the incident 'very seriously' and is committed to safeguarding client data.

This breach underscores how even large, well-resourced Wall Street banks are vulnerable — not just through their own systems, but via third‑party vendors in their supply chain.

Writer's pick