Major banks in the US are on high alert after a security breach at SitusAMC, a technology supplier to US mortgage lenders, exposed sensitive customer data and accounting records.
The breach was discovered by the firm on 12 November and investigations into the scale of the attack are ongoing.
In a letter to customers impacted by the breach, the firm writes: "We have confirmed that certain of our clients’ data was impacted. Corporate data associated with your relationship with SitusAMC such as accounting records and legal agreements has been impacted. Certain data relating to your customers may also have been impacted. The scope, nature and extent of such impact remains under investigation by the Company and its third-party advisors."
The exposure is likely to be far-reaching, as SitusAMC performs mortgage origination, servicing and payment collection for hundred of banks and lenders across the US.
According to sources close to the investigation, JPMorgan Chase, Citigroup and Morgan Stanley are among the banks notified that their client data may have been exposed.
SitusAMC says it has responded by implementing credential resets, disabling remote access tools, updating firewall rules, and enhancing certain security settings.