Several U.S. banking giants and mortgage lenders are reportedly scrambling to assess how much of their customers’ data was stolen during a cyberattack on a New York financial technology company earlier this month.
SitusAMC, which provides technology for over a thousand commercial and real estate financiers, confirmed in a statement over the weekend that it had identified a data breach on November 12.
The company said that unspecified hackers had stolen corporate data associated with its banking customers’ relationship with SitusAMC, as well as “accounting records and legal agreements” during the cyberattack.
The statement added that the scope and nature of the cyberattack “remains under investigation.” SitusAMC said that the incident is “now contained,” and that its systems are operational. The company said that no encrypting malware was used, suggesting that the hackers were focused on exfiltrating data from the company’s systems rather than causing destruction.
According to Bloomberg and CNN, citing sources, SitusAMC sent data breach notifications to several financial giants, including JPMorgan Chase, Citigroup, and Morgan Stanley. SitusAMC also counts pension funds and state governments as customers, according to its website.
It’s unclear how much data was taken, or how many U.S. banking consumers may be affected by the breach. Companies like SitusAMC may not be widely known outside of the financial world, but provide the mechanisms and technologies for its banking and real estate customers to comply with state and federal rules and regulations. In its role as a middleman for financial clients, the company handles vast amounts of non-public banking information on behalf of its customers.
According to SitusAMC’s website, the company processes billions of documents related to loans annually.
When reached by TechCrunch, Citi spokesperson Patricia Tuma declined to comment on the breach. Tuma would not say if the bank has received any communications from the hackers, such as a demand for money.
Representatives for JPMorgan Chase, and Morgan Stanley did not immediately respond to a request for comment Monday. SitusAMC chief executive Michael Franco also did not respond to our email when contacted for comment Monday.
The FBI is investigating the breach at SitusAMC. A spokesperson for the FBI did not respond to a request for comment outside of U.S. business hours.
