Real estate finance firm SitusAMC has disclosed a cyber attack that may have seen the theft of company data from JPMorgan Chase, Citi and Morgan Stanley.
SitusAMC said it first spotted the incident on November 12. At that time, it called in outside expert help and notified federal law enforcement authorities. It immediately began taking measures to assess and contain the incident, it added.
"Corporate data associated with certain of our clients’ relationship with SitusAMC such as accounting records and legal agreements has been impacted," it said in a statement.
"Certain data relating to some of our clients’ customers may also have been impacted. The scope, nature and extent of such impact remains under investigation by the Company and its third-party advisors."
At the time of writing, it's unclear precisely what data may have been accessed and if it could include information supplied by bank customers as part of their mortgage applications, including names and addresses, social security numbers, or financial histories and credit profiles.
SitusAMC said that, since the incident, it's taken additional hardening measures, including carrying out credential resets, disabling remote access tools, updating certain firewall rules and enhancing certain security settings.
"We are in direct, regular contact with our clients about this matter. We remain focused on analyzing any potentially affected data and will provide updates directly to our clients as our investigation progresses," it said.
According to reporting by CNN, JPMorgan Chase, Citi and Morgan Stanley were among the customers informed about the incident.
However, in a statement reported by The New York Times, FBI director Kash Patel said: “While we are working closely with affected organizations and our partners to understand the extent of potential impact, we have identified no operational impact to banking services.”
There's so far no word on who carried out the attack, although SitusAMC said that no encrypting malware was involved.
The breach is already the subject of at least one class-action lawsuit.
The financial sector is one of the most targeted by cyber criminals, mainly because of the large amount of highly sensitive data involved.
According to recent research from security firm KnowBe4, financial service firms globally experience up to 300 times more cyberattacks annually than other industries, with a 25% year-on-year increase in intrusion events for 2024.
Third party breaches such as this one are a very common method of attack, it found, with 97% of major US banks experienced a third-party breach last year. The figure was 100% in Europe.
"Adversaries are gaining an advantage against the financial sector," said James McQuiggan, security awareness advocate at KnowBe4.
“Traditional defenses are no longer sufficient and threat actors discovered stealing valid credentials is more effective than ransomware because it allows them to move undetected."
-
SEC drops SolarWinds lawsuitNews The case that threatened to make CISOs responsible for security failures has been scrapped – but execs shouldn't rest too easily
-
Simulating attacks: how to use tabletop exercises in incident responseIn-depth What types of tabletop exercises are available and how can you use them in your business?
