Several major U.S. banks and mortgage lenders are racing to determine how much of their customers’ data may have been stolen following a cyberattack on SitusAMC, a New York financial technology company.
SitusAMC, which provides tech services to over a thousand commercial and real estate financiers, confirmed that it discovered a data breach on November 12.
The company said hackers stole corporate data linked to its banking partners, including accounting records and legal agreements.
SitusAMC noted that the full scope of the breach is still under investigation, but said the incident is now contained and its systems are fully operational. The hackers did not use encrypting malware, suggesting they focused on stealing data, not damaging systems.
Sources told Bloomberg and CNN that SitusAMC has already notified several financial giants, including JPMorgan Chase, Citigroup, and Morgan Stanley, about the breach. The company also works with pension funds and state governments, meaning even more institutions could be affected.
It remains unclear how much data was taken or how many U.S. consumers might be impacted. Companies like SitusAMC aren’t widely known to the public, but they handle enormous volumes of confidential financial information on behalf of banks and real estate firms.
According to the company’s website, it processes billions of loan-related documents every year.
Related: Buy Now, Pay Later Debt Surge Worries Experts
When contacted by TechCrunch, Citi spokesperson Patricia Tuma declined to comment on the situation. JPMorgan Chase, Morgan Stanley, and SitusAMC’s CEO Michael Franco also did not respond to requests for comment.
The FBI is investigating the breach, though the agency has not yet provided additional details.
