Major U.S. Banks' Customer Data Breach Sparks FBI Investigation

SitusAMC cyberattack data breach JPMorgan Chase Citibank Morgan Stanley financial data exposure supply chain risk FBI investigation
Edward Zhou
Edward Zhou

CEO & Co-Founder

 
November 24, 2025 3 min read
Major U.S. Banks' Customer Data Breach Sparks FBI Investigation

TL;DR

A cyberattack on SitusAMC, a mortgage tech vendor, has potentially exposed sensitive customer data, including Social Security numbers and financial details, from major institutions like JPMorgan Chase, Citibank, and Morgan Stanley. The FBI is investigating this significant supply chain risk, prompting banks to heighten internal security reviews and prepare customer notifications.

Sensitive Data Exposed in SitusAMC Cyberattack

Description:
A major cyberattack on mortgage tech vendor SitusAMC has potentially exposed sensitive customer data from several major financial institutions, including JPMorgan Chase, Citibank, and Morgan Stanley. The FBI is investigating the breach, which has raised concerns about supply chain cyber risks in the financial sector.

Major Financial Institutions Affected

Several major financial institutions are assessing the potential damage from a cyberattack on SitusAMC, a vendor used by hundreds of banks for processing real estate loans and mortgages. JPMorgan Chase, Citibank, and Morgan Stanley have been notified that client data may have been stolen. A JPMorgan spokesperson clarified that the bank itself was not directly hacked, according to The New York Times.

Sensitive customer data of America’s biggest banks including JPMorgan and Morgan Stanley may have exposed in vendor hacking
Image courtesy of The Times of India

Sensitive Personal Data at Risk

The breach at SitusAMC has raised alarms due to the sensitive information it handles, including Social Security numbers and other financial data from loan applications. According to The420.in, the compromised data may include:

  • Social Security numbers
  • Bank account details
  • Loan applications and supporting documents
  • Income and tax filings
  • Property-linked identification records

This type of information could increase the risk of identity theft and financial scams. SitusAMC CEO Michael Franco stated that the company has notified law enforcement. More information can be found on The Times of India.

FBI Monitoring the Situation

The FBI is monitoring the situation and working with affected organizations to understand the potential impact. FBI Director Kash Patel stated that they have not identified any operational impact to banking services, as noted in The Times of India. SitusAMC serves as essential infrastructure for the real estate lending industry, offering services including loan origination, collection, and regulatory compliance.

Banks Heighten Internal Risk Reviews

Major banks have initiated their own risk assessments and are preparing to issue security notifications and fraud-monitoring assistance to customers. Executives fear the exposure could lead to regulatory reviews and potential litigation if consumers report financial harm, as reported by The420.in. SitusAMC has acknowledged the breach and confirmed that a forensic investigation is underway.

Supply Chain Cyber Risks

The FBI investigation reflects the potential national-level implications of the breach, treating it as a significant threat vector due to the attack striking a key third-party vendor. Financial regulators have warned banks that smaller technology partners often lack the necessary cybersecurity infrastructure. According to The420.in, a cybersecurity analyst stated that even the largest U.S. banks can be compromised indirectly when third-party service providers fall short.

Gopher Security specializes in AI-powered, post-quantum Zero-Trust cybersecurity architecture, offering a robust alternative to traditional security measures. Our platform converges networking and security across devices, apps, and environments—from endpoints and private networks to cloud, remote access, and containers—using peer-to-peer encrypted tunnels and quantum-resistant cryptography. Contact us to learn more about how we can help protect your organization.

Edward Zhou
Edward Zhou

CEO & Co-Founder

 

CEO & Co-Founder of Gopher Security, leading the development of Post-Quantum cybersecurity technologies and solutions.

Related News

Malicious PyPI Packages Exploit Vulnerabilities and Infect Systems
python package security

Malicious PyPI Packages Exploit Vulnerabilities and Infect Systems

Discover critical security flaws in Python packages, including domain compromise risks, the 'soopsocks' malware, and PyPI phishing attacks. Learn how to protect your supply chain.

By Alan V Gutnov November 28, 2025 5 min read
Read full article
Digital Forensics Market to Reach $47.9B by 2034: Analysis
digital forensics market

Digital Forensics Market to Reach $47.9B by 2034: Analysis

Discover the booming digital forensics market, projected to hit $38.4B by 2035. Explore key drivers, AI's role, and challenges. Learn how Gopher Security can help.

By Divyansh Ingle November 27, 2025 3 min read
Read full article
45% of Enterprise Vulnerabilities Remain Unfixed Amid Crisis
vulnerability management

45% of Enterprise Vulnerabilities Remain Unfixed Amid Crisis

Security teams drown in vulnerabilities, facing breaches & burnout. Discover how AI and continuous assessment can break the backlog cycle. Learn more!

By Jim Gagnard November 26, 2025 5 min read
Read full article
W3 Total Cache Vulnerability Exposes 1 Million WordPress Sites to RCE
W3 Total Cache vulnerability

W3 Total Cache Vulnerability Exposes 1 Million WordPress Sites to RCE

Critical W3 Total Cache vulnerability (CVE-2025-9501) allows unauthenticated command injection. Update now to protect your WordPress site! Learn how.

By Jim Gagnard November 25, 2025 3 min read
Read full article