The financial sector received another reminder that security measures are only as strong as their weakest links, as a hack of a technology provider leaves US banks exposed.
This week, SitusAMC, which provides loans and mortgage services to US banks, admitted that “certain information” from its systems was compromised as a result of a cyber attack.
SitusAMC manages billions of loan documents for U.S. banks and mortgage lenders using a single compromise that spreads risk across the financial sector.
The November 22 statement reads: “November 12, 2025. [we] We have become aware of an incident which we have now determined resulted in the compromise of certain information from our systems. Corporate data associated with certain customer relationships with SitusAMC, such as accounting records and legal agreements, were affected.” It added: “Certain data relating to some of our clients' customers may also have been affected.”
US banks using SitusAMC include JPMorgan Chase and Citigroup.
According to reports, the FBI became aware of the violation.
In a post on November 25, SitusAMC said: “[We have] “We are working diligently on our data verification process, and the current phase of this process includes keyword searches to identify our customer names in specific file paths that we know have been impacted.”
Broad Supplier Links
Financial services ecosystems are becoming increasingly complex, with a large number of firms offering technology platforms (fintech services) to banks and other financial firms.
A security breach at one of these firms could leave financial institutions' data vulnerable.
This is a growing problem in the financial sector as banks increase the number of fintech partners they work with.
A recent study by risk management company SecurityScorecard found that in the last measured 12-month period, 96% of Europe's largest financial services organizations were suffered a security breach at a third party. Compared to 78% in previous report two years earlier.
It also found that 97% of firms had breaches through a fourth party, a partner of their partner, which was up from 84% in the previous survey.
This happened against the background of a decrease in the number of direct violations. During this period, 7% suffered a direct hack, up from 8%, according to SecurityScorecard.
One IT security expert in the UK banking sector, who wished to remain anonymous, said he was not surprised by the figures. “I expected 100% of firms to be affected by third party failures of various types,” they said. “The 4% who say they were not harmed surprises me even more.”
SecurityScorecard CISO Steve Cobb said: “Hackers compromised financial technology provider SitusAMC, stealing accounting records and legal agreements from its systems.”
He warned how cybercriminals are changing their approach. “The breach illustrates how attackers are moving to quietly extract sensitive information instead of causing immediate disruption,” Cobb said. “This change in tactics makes detection more difficult and raises the stakes for organizations that rely on vendor-managed data.”
He added that banks and their suppliers must improve their partnerships. risk management to the level of internal security. “Every partner that touches proprietary data is a potential point of exposure,” Cobb said. “Organizations need constant visibility into the health of the supplier ecosystem, as well as real-time verification of the functioning of partner controls.”
In January 2025, the European Union [EU’s] Digital Operational Resilience Actlogged into the application. It covers a range of aspects of cyber resilience, auditability and the responsibilities shared between financial institutions and third-party software and IT service providers when these products and services are used to support business operations. Although this is a European regulation affecting companies operating in the EU, other regions are also implementing cyber resilience.
