JPMorgan, Citi, Morgan Stanley client data may be exposed by vendor's hack, NYT reports
FILE PHOTO: The JPMorgan Chase & Co. building before the ribbon cutting ceremony, at the firm's new headquarters at 270 Park Avenue, in New York City, U.S., October 21, 2025. REUTERS/Eduardo Munoz/File Photo
Client data for JPMorgan Chase, Citi, Morgan Stanley and other major banks may have been accessed in a hack of a technology vendor, the New York Times reported on Saturday, citing people familiar with the matter.
SitusAMC said in a statement on its website on Saturday that it had been the subject of a cyberattack on November 12, compromising certain information from its systems and that "data relating to some of our clients' customers may also have been impacted."
The New York-based vendor for real estate lenders did not identify any of its affected clients.
JPMorgan Chase, Citi and Morgan Stanley did not immediately respond to Reuters requests for comment.
SitusAMC said the affected data included corporate information tied to some clients' dealings with the company, including items like accounting documents and legal contracts.
"We remain focused on analyzing any potentially affected data," Michael Franco, SitusAMC chief executive said in a statement to the New York Times, adding that the company had notified law enforcement.
FBI Director Kash Patel said in a statement, according to the newspaper: "While we are working closely with affected organizations and our partners to understand the extent of potential impact, we have identified no operational impact to banking services."
Reuters could not immediately reach the FBI for comment.
The SitusAMC statement said the incident had been contained and services were fully operational, adding that no encrypting malware was involved.
