Finance & Banking,
Industry Specific
JP Morgan Chase, Citi, and Morgan Stanley Affected by Cybersecurity Breach
Major financial institutions in the U.S., including JP Morgan Chase, Citi, and Morgan Stanley, are currently evaluating their exposure to a recent cybersecurity incident involving SitusAMC, a real estate fintech company. The organization disclosed on Saturday that the breach might have compromised client data.
SitusAMC, based in New York, provides services to around 1,500 clients, focusing on residential and commercial mortgage origination and payment processing. The firm revealed that it detected the breach on November 12, confirming that corporate data, such as accounting records and legal agreements, were affected. It remains unclear whether the data was stolen or merely accessed, although the company clarified that “no encrypting malware was involved” and assured stakeholders that “the incident is now contained.”
As a provider of mortgage processing services, SitusAMC handles a range of sensitive information, including Social Security numbers, employment records, and passport details. The New York Times reported that the breach may have exposed information related specifically to residential loan mortgages.
SitusAMC has not clarified whether personal data was compromised. Reports have indicated that affected clients include some of America’s largest banks. A JPMorgan Chase spokesperson stated that the banking systems were not directly compromised during this incident. Meanwhile, a Citi representative opted not to comment, and Morgan Stanley has yet to respond to requests for clarification. FBI Director Kash Patel indicated that an investigation into the matter is underway.
The breach underscores a rising trend in incidents linked to third-party compromises, which represented nearly 30% of all breaches in 2025, according to Verizon’s annual Data Breach Investigations Report. The Financial Industry Regulatory Authority raised alarms in October 2024 about a notable increase in cyberattacks against third-party service providers used by financial institutions, stating that reliance on these external partners intensifies risk exposure.
While the exact tactics used in this incident remain unidentified, it is essential for organizations to consider MITRE ATT&CK’s framework when reviewing such breaches. Potential tactics could include initial access methods, which may involve exploiting vulnerabilities or utilizing phishing techniques, as well as persistence strategies that ensure continued access to compromised systems. Business owners are encouraged to review their cybersecurity measures in light of this incident, assessing both internal defenses and third-party vendor security protocols.
As this situation develops, SitusAMC reported that it has informed impacted customers about the breach, highlighting the importance of timely communication in managing cybersecurity incidents.
