A Swath of Bank Customer Data Was Hacked – FBI Launches Investigation

What happened?

Earlier this week, SitusAMC, a technology provider that powers the loan‑origination platforms of dozens of real‑estate lenders, disclosed that an unauthorized party gained access to its internal systems. The breach exposed a trove of personal and financial information belonging to the customers of hundreds of banks, including major institutions such as JPMorgan Chase.

Scope of the compromised data

The compromised records are believed to contain:

• Names, Social Security numbers, and dates of birth
• Contact details (addresses, phone numbers, and email addresses)
• Bank account numbers and loan application data
• Employment and income verification documents

According to the company’s statement, the breach potentially affects millions of individuals who have applied for or hold mortgage and commercial real‑estate loans.

Who is affected?

The incident does not target a single bank; rather, it impacts the entire ecosystem of lenders that rely on SitusAMC’s software. While JPMorgan Chase is explicitly mentioned, other unnamed banks and credit unions that use the platform are also under scrutiny.

Response from authorities and the vendor

The Federal Bureau of Investigation (FBI) has opened a formal investigation into the cyber‑attack. In a brief press release, the FBI said it is working closely with SitusAMC and the affected financial institutions to identify the perpetrators and mitigate further damage.

SitusAMC has engaged a leading cybersecurity firm to conduct a forensic analysis, and it has begun notifying impacted customers. The company assures that it is enhancing its security protocols and accelerating the rollout of multi‑factor authentication across all user accounts.

What banks are doing

Financial institutions that partner with SitusAMC are notifying their clients, offering credit‑monitoring services, and urging customers to monitor their statements for any suspicious activity. JPMorgan Chase released a statement emphasizing its commitment to safeguarding customer data and confirming that the breach originated from the vendor, not the bank’s own systems.

What you can do

If you suspect your information may have been exposed, consider the following steps:

• Review your credit reports regularly for unknown accounts.
• Set up fraud alerts or credit freezes with the major credit bureaus.
• Watch for phishing emails that reference your loan application or personal data.
• Contact your bank’s fraud department if you notice any unauthorized transactions.

Looking ahead

The incident underscores the growing risk associated with third‑party technology providers in the financial sector. Regulators are expected to tighten oversight, and many banks are likely to reevaluate their vendor‑risk management programs.

As the FBI continues its investigation, affected customers will receive further guidance from their banks and from SitusAMC regarding remediation steps and any additional support services.