JPMorgan, Citi, Morgan Stanley Client Data May Be Exposed by Vendor's Hack – NYT Reports
The U.S. financial sector has witnessed a new development in cyberattacks targeting financial markets and technology service providers. According to The New York Times, citing sources familiar with the matter, client data from several major U.S. banks—including JPMorgan Chase, Citi, and Morgan Stanley—may have been exposed following a cyberattack on a technology vendor serving these institutions.
Details of the Breach
SitusAMC, a New York-based technology company providing services to real estate lenders and financial institutions, reported a cyberattack on November 12, which compromised certain information in its systems. The company stated that the breach may involve data linked to clients of some of its financial partners, without explicitly naming the affected banks.
While the company has not confirmed the identities of all affected institutions, the New York Times report highlighted that JPMorgan Chase, Citi, and Morgan Stanley could potentially have client data impacted.
Nature of the Compromised Data
SitusAMC indicated that the breached information included corporate data related to business dealings with its clients, such as:
- Accounting documents
- Legal contracts
- Data associated with lending operations and commercial relationships
The company also emphasized that investigations are ongoing to assess the full extent of the compromised data.
Official Responses
The three banks have not issued formal statements regarding the incident as of the report.
SitusAMC confirmed that the incident has been contained, and its services are fully operational. They also stressed that no ransomware or malicious encryption was involved.
The FBI has stated that it is working with the affected organizations to evaluate the impact of the breach, noting that there has been no operational disruption to banking services.
Security Implications and Potential Risks
This incident underscores the growing risks associated with third-party vendors in the financial sector. Cybercriminals increasingly target supporting technology firms rather than the banks themselves, creating potential vulnerabilities beyond the banks’ internal controls.
The breach highlights the importance of:
- Strengthening digital supply chain risk management
- Increasing scrutiny of technology vendors contracted by financial institutions
- Encrypting sensitive data even outside core banking systems
The cyberattack on SitusAMC illustrates a new dimension of financial data security risks, where client data can be exposed through external service providers rather than directly through banks. While the full scale of the impact remains unclear, the incident signals the critical need for enhanced cybersecurity measures across the entire financial ecosystem
