Major U.S. Banks' Customer Data Breach Sparks FBI Investigation

SitusAMC cyberattack data breach JPMorgan Chase Citibank Morgan Stanley financial data exposure supply chain risk FBI investigation
Edward Zhou
Edward Zhou

CEO & Co-Founder

 
November 24, 2025 3 min read
Major U.S. Banks' Customer Data Breach Sparks FBI Investigation

TL;DR

  • A cyberattack on SitusAMC, a mortgage tech vendor, has potentially exposed sensitive customer data, including Social Security numbers and financial details, from major institutions like JPMorgan Chase, Citibank, and Morgan Stanley. The FBI is investigating this significant supply chain risk, prompting banks to heighten internal security reviews and prepare customer notifications.

Sensitive Data Exposed in SitusAMC Cyberattack

Description: A major cyberattack on mortgage tech vendor SitusAMC has potentially exposed sensitive customer data from several major financial institutions, including JPMorgan Chase, Citibank, and Morgan Stanley. The FBI is investigating the breach, which has raised concerns about supply chain cyber risks in the financial sector.

Major Financial Institutions Affected

Several major financial institutions are assessing the potential damage from a cyberattack on SitusAMC, a vendor used by hundreds of banks for processing real estate loans and mortgages. JPMorgan Chase, Citibank, and Morgan Stanley have been notified that client data may have been stolen. A JPMorgan spokesperson clarified that the bank itself was not directly hacked, according to The New York Times.

Sensitive customer data of America’s biggest banks including JPMorgan and Morgan Stanley may have exposed in vendor hacking

Image courtesy of The Times of India

Sensitive Personal Data at Risk

The breach at SitusAMC has raised alarms due to the sensitive information it handles, including Social Security numbers and other financial data from loan applications. According to The420.in, the compromised data may include:

  • Social Security numbers
  • Bank account details
  • Loan applications and supporting documents
  • Income and tax filings
  • Property-linked identification records

This type of information could increase the risk of identity theft and financial scams. SitusAMC CEO Michael Franco stated that the company has notified law enforcement. More information can be found on The Times of India.

FBI Monitoring the Situation

The FBI is monitoring the situation and working with affected organizations to understand the potential impact. FBI Director Kash Patel stated that they have not identified any operational impact to banking services, as noted in The Times of India. SitusAMC serves as essential infrastructure for the real estate lending industry, offering services including loan origination, collection, and regulatory compliance.

Banks Heighten Internal Risk Reviews

Major banks have initiated their own risk assessments and are preparing to issue security notifications and fraud-monitoring assistance to customers. Executives fear the exposure could lead to regulatory reviews and potential litigation if consumers report financial harm, as reported by The420.in. SitusAMC has acknowledged the breach and confirmed that a forensic investigation is underway.

Supply Chain Cyber Risks

The FBI investigation reflects the potential national-level implications of the breach, treating it as a significant threat vector due to the attack striking a key third-party vendor. Financial regulators have warned banks that smaller technology partners often lack the necessary cybersecurity infrastructure. According to The420.in, a cybersecurity analyst stated that even the largest U.S. banks can be compromised indirectly when third-party service providers fall short.

Gopher Security specializes in AI-powered, post-quantum Zero-Trust cybersecurity architecture, offering a robust alternative to traditional security measures. Our platform converges networking and security across devices, apps, and environments—from endpoints and private networks to cloud, remote access, and containers—using peer-to-peer encrypted tunnels and quantum-resistant cryptography. Contact us to learn more about how we can help protect your organization.

Edward Zhou
Edward Zhou

CEO & Co-Founder

 

CEO & Co-Founder of Gopher Security, leading the development of Post-Quantum cybersecurity technologies and solutions.

Related News

CVE-2025-15467: Critical OpenSSL RCE and DoS Vulnerability Overview
OpenSSL vulnerability

CVE-2025-15467: Critical OpenSSL RCE and DoS Vulnerability Overview

Urgent: OpenSSL 3.x vulnerable to CVE-2025-15467, enabling pre-auth RCE. Learn affected versions, impact, and immediate mitigation steps. Protect your systems now!

By Divyansh Ingle March 10, 2026 4 min read
common.read_full_article
SolarWinds Patches Critical Web Help Desk RCE Vulnerabilities Now
SolarWinds Web Help Desk

SolarWinds Patches Critical Web Help Desk RCE Vulnerabilities Now

Critical RCE & Auth Bypass flaws in SolarWinds Web Help Desk are fixed! Don't risk it. Update to v2026.1 now to protect your systems. Learn more.

By Edward Zhou March 9, 2026 4 min read
common.read_full_article
AI vs Human Hackers: Who Prevails in 2026 Pen Testing?
AI hacking

AI vs Human Hackers: Who Prevails in 2026 Pen Testing?

Discover the results of a groundbreaking study comparing AI agents and human hackers in web vulnerability exploitation. See who prevails and what it means for your security. Read now!

By Jim Gagnard March 6, 2026 6 min read
common.read_full_article
Vulnerability Exploits Lead Cyber Intrusions in 2026 Trends
vulnerability exploits

Vulnerability Exploits Lead Cyber Intrusions in 2026 Trends

Exploits are now the top intrusion method, outpacing phishing. Discover why rapid vulnerability patching is critical and how to bolster your defenses. Read more!

By Edward Zhou March 4, 2026 4 min read
common.read_full_article