Several US banks have reportedly started scrambling to assess how much of their customers’ data was stolen during a cyberattack on SitusAMC.
Following this announcement, hackers stole a trove of data from a company used by major Wall Street banks for real-estate loans and mortgages. This set off a scramble to determine what was taken and which banks and financial institutions were affected, according to CNN Business, which provided information from people familiar with the investigation and a statement from the firm.
New York-based SitusAMC mentioned that account records and legal agreements related to some of its clients and customers had been impacted in the hack. In addition, it was mentioned that the incident was contained, and its services are fully operational, but no encrypting malware was involved. The firm also discovered the unauthorised access to its systems on November 12, 2025, and within a few days was warning customers that they could be affected.
SitusAMC cyberattack exposed mortgage data and the FBI’s strategy to solve the incident
Large banks and financial institutions spend hundreds of millions of USD annually on cybersecurity, and the financial sector has earned a reputation for being one of the defended landscapes that focuses on protecting its customers. However, cyberattacks against the sector are relentless, and the overall interdependence of various firms and companies can develop vulnerabilities and risks.
According to CNN Business, the firm sent several notifications to customers, including JPMorgan Chase and Citi, that their data could be affected by the hack, but it was not immediately clear which clients had their information accessed by the hackers. At the moment, the investigation is ongoing, as spokespeople for JPMorgan Chase and Citi declined to comment on the hack of SitusAMC. At the same time, it was not immediately clear who was responsible for the hack, as the FBI is still investigating the incident.
While the institution is working closely with affected organisations and its partners in order to understand the extent of the potential impact, the FBI also identified no operational impact to banking services. The organisation is expected to remain committed to the process of identifying those responsible and safeguarding the overall security of critical infrastructure.
Instead of a direct hit on a marquee bank, the attackers are suspected to have gone after the connective tissue of the mortgage and commercial property markets, which exposed how much risk is concentrated in a handful of lightly visible service firms.
