Several major U.S. banks and mortgage companies are reportedly rushing to investigate how much customer data was stolen in a cyberattack on a New York financial technology company earlier this month.
SitusAMC, which provides technology to more than 1,000 commercial and real estate lenders, acknowledged in a statement over the weekend that it identified the data breach on November 12th.
The company said that during the cyberattack, unspecified hackers stole corporate data related to SitusAMC's relationships with bank customers, as well as “accounting records and legal contracts.”
The statement added that the scope and nature of the cyberattack “remains under investigation.” SitusAMC said the incident was “currently contained” and its systems were operational. The company said no encrypting malware was used, suggesting the hackers were focused on exfiltrating data from its systems rather than causing destruction.
SitusAMC sent data breach notifications to multiple financial giants, including JPMorgan Chase, Citigroup and Morgan Stanley, Bloomberg and CNN reported, citing sources. SitusAMC also counts pension funds and state governments as customers, according to its website.
It's unclear how much data was compromised or how many U.S. banking customers could be affected by this breach. Companies like SitusAMC may not be well-known outside the financial industry, but they provide mechanisms and technology to help banking and real estate customers comply with state and federal rules and regulations. In its role as an intermediary for financial customers, the company processes vast amounts of non-public banking information on behalf of its customers.
According to SitusAMC's website, the company processes billions of loan-related documents annually.
When contacted by TechCrunch, Citi spokesperson Patricia Tuma declined to comment on the breach. Tuma did not say whether the bank had received any communications from the hackers, such as requests for money.
Representatives for JPMorgan Chase and Morgan Stanley did not immediately respond to requests for comment Monday. SitusAMC CEO Michael Franco also did not respond to an email seeking comment Monday.
The FBI is investigating the breach at SitusAMC. An FBI spokesperson did not respond to a request for comment outside of U.S. business hours.