Wall Street banks scramble to assess fallout from hack of real-estate data firm
By Sean Lyngaas, Evan Perez, CNN
(CNN) — Hackers stole a trove of data from a company used by major Wall Street banks for real-estate loans and mortgages, setting off a scramble to determine what was taken and which banks were affected, according to people familiar with the investigation and a statement from the firm.
New York-based SitusAMC, which boasts 1,500 clients, said Saturday night that account records and legal agreements related to some of its clients had been impacted in the hack.
“The incident is now contained and our services are fully operational,” SitusAMC said. “No encrypting malware was involved.”
The firm discovered the unauthorized access to its systems on November 12 and within a few days was warning customers that they could be affected.
The firm sent a broad batch of notifications to customers, including JPMorgan Chase and Citi, that their data could be affected by the hack, the sources said. But it was not immediately clear which clients had their information accessed by the hackers. The investigation is ongoing.
Spokespeople for JPMorgan Chase and Citi declined to comment on the hack of SitusAMC.
It was not immediately clear who was responsible for the hack. The FBI is investigating the incident.
“While we are working closely with affected organizations and our partners to understand the extent of potential impact, we have identified no operational impact to banking services,” FBI Director Kash Patel said in a statement. “We remain committed to identifying those responsible and safeguarding the security of our critical infrastructure.”
The New York Times first reported on the hacking incident.
Large banks spend hundreds of millions of dollars annually on cybersecurity, and the financial sector has earned a reputation for being one of the better defended. But cyberattacks against the sector are relentless, and the interdependence of various firms can create vulnerabilities, according to experts.
“The SitusAMC breach is a stark reminder that the weakest links may be buried deep within the technology partnerships and vendor dependencies that fuel critical operations,” said Munish Walther-Puri, head of critical digital infrastructure at cybersecurity firm TPO Group.
“When one trusted vendor falters, the ripple can expose the intricate web of unseen risk that binds the sector together; resilience is not just a policy, but a collective responsibility,” Walther-Puri said.
CNN’s Matt Egan contributed to this report.
The-CNN-Wire
™ & © 2025 Cable News Network, Inc., a Warner Bros. Discovery Company. All rights reserved.
