A cyberattack on third-party vendor SitusAMC has impacted sensitive mortgage data connected to major financial institutions, such as JPMorgan, Citi, and Morgan Stanley.

Investigation by the FBI

The Federal Bureau of Investigation (FBI) is now in charge of investigating the data breach, which also compromised Social Security Numbers. The incident raised concerns about potential vulnerabilities within the financial system due to reliance on third-party vendors.

Mortgage Data Compromised

The cyberattack occurred on November 12, 2025, and affected mortgage information from JPMorgan, Citi, and Morgan Stanley. These banks and regulators quickly responded by assessing the extent of their exposure to the breach.

SitusAMC, which supports banks and lenders across the United States in mortgage origination, servicing, and payment processing, acknowledged spending about two weeks identifying the specific data accessed by hackers. Given its significant role, SitusAMC’s breach could have broader implications.

The New York Times reported that even though corporate entities are accustomed to dealing with cyberattacks, this particular breach heightened concerns on Wall Street due to SitusAMC holding substantial personal data from loan applications. The vendor has been providing near-daily updates as it works to determine the full scope of compromised information.

JPMorgan Chase, Citigroup, and Morgan Stanley were notified by SitusAMC that their clients’ data might be included in the breach. Upon discovering the cyberattack, SitusAMC began collaborating with third-party forensic experts and federal authorities, as detailed by multiple sources, while also notifying law enforcement.

FBI’s Role

The FBI is currently working to identify how the hackers gained access and what data may have been affected. In a statement to The New York Times, Kash Patel, FBI Director, stated that despite ongoing investigations, there is no operational impact on banking services at this time.