Thousands of clients’ data at risk: JPMorgan and Citi Bank affected by Sitas AMC hack

Staff Report: PNN

Hackers stole a large amount of data from a New York-based company called Sitas AMC, used primarily by major Wall Street banks for real estate loans and mortgage transactions. Banks and the company are assessing the extent of the damage, according to investigators and company statements.

Sitas AMC, which has 1,500 clients, reported Saturday night that some client account records and legal contracts were impacted by the hack. The company said, “The incident is now under control, and our services are fully operational. No encrypting malware was used.”

Unauthorized access was detected, and starting November 12, the company began notifying clients that they may have been affected. JPMorgan Chase and Citi Bank are among potentially impacted clients, though which clients’ data was stolen remains unclear. The investigation is ongoing.

No comments have been received from JPMorgan Chase or Citi Bank regarding the incident. Responsibility for the hack is not yet confirmed. The FBI is investigating. Director Kash Patel stated, “We are working closely with affected organizations and partners, and no operational impact on banking services has been identified. We are committed to identifying the responsible parties and protecting critical infrastructure.”

Major global banks spend billions annually on cybersecurity and are known for strong defenses. Still, cyberattacks persist, and interdependencies among organizations often create vulnerabilities.

Munish Walther-Puri, head of Critical Digital Infrastructure at cybersecurity firm TPGO Group, said, “This Sitas AMC incident shows that the weakest links are often hidden among technology partners and vendors. When a trusted vendor fails, the impact can reveal complex sector-wide risks. Resilience is not just policy—it’s a collective responsibility.”