JPMorgan and other Wall Street companies affected by a cyberattack on a third party

According to recent reports, large Wall Street banks such as JPMorgan Chase, Citi and Morgan Stanley may have seen customer data compromised following a cyberattack on technology provider SitusAMC. Although the entities were not directly attacked, the intrusion into this third party once again highlights the risk posed by dependence on suppliers in a sector where information is one of the most valuable assets.

‍

_{What has happened?}

The provider SitusAMC, specialized in technological services for the mortgage and real estate sector, confirmed that it was the victim of a cyberattack that allowed unauthorized access to part of its infrastructure. After detecting the intrusion, the company reported that “data relating to some of our clients' clients may also have been impacted”, potentially involving banks such as JPMorgan Chase, Citi and Morgan Stanley.

‍

_{What type of information could have been compromised}

The company has reported that the affected data is related to sensitive corporate documentation, including:

• Contracts and Legal Agreements
• Accounting documentation
• Corporate Financial Information

SitusAMC has also acknowledged that data from the end customers of the affected entities may have been exposed. So far, no use of encryption malware or signs of ransomware has been detected.

‍

_{The critical role of the technology provider}

This incident exposes a clear weakness: even institutions with advanced defenses such as Wall Street banks rely on providers that handle sensitive data. SitusAMC operates at the heart of mortgage processing and document management of real estate investments, so a breach in its infrastructure can have wide and profound repercussions.

‍

_{An Incident with a Wide Potential Impact}

Although JPMorgan Chase and the other affected banks have reported no operational interruptions, the potential data breach poses a significant risk:

• Reputational damage
• Increased exposure to phishing campaigns and targeted fraud
• Legal and regulatory obligations regarding data protection
• Increased security scrutiny on critical third parties and vendors

In sectors as sensitive as Wall Street, an indirect breach can have as critical an impact as a direct attack.

‍

_{The incident in context: Wall Street under pressure from supply chain attacks}

The trend is clear: cybercriminals seek to exploit small or medium-sized providers with access to large corporations. This allows them to multiply the impact of the attack without directly confronting the massive defenses of financial giants.

For Wall Street institutions, these types of incidents demonstrate that security no longer depends solely on their own systems, but on the level of cyber protection of their entire digital ecosystem.

‍

_{What we recommend from Apolo Cybersecurity}

For financial organizations and any company with a dependency on third parties, we recommend:

• Continuous Third-Party Assessment (TPRM): Regular security analyses and audits of critical vendors.

• Zero Trust Architectures: Access Limitation, Elimination of Permanent Privileges, and Strict Segmentation.

• Periodic penetration tests: Simulations of commitment in suppliers to measure real impact.

• Reinforced protection of sensitive data: Comprehensive encryption, rigorous key management, and continuous monitoring of access to critical documents.

• Training and awareness: Simulated incidents and specific training for teams that manage relationships with suppliers.

‍

_{Strengthen your digital security before the next breach}

‍
Cyberattacks aimed at suppliers are already one of the main threats to Wall Street and to any organization that delegates critical functions.
Protecting your supply chain today means avoiding a crisis tomorrow.

If you need to assess risks, audit suppliers or strengthen your defenses, at Apolo Cybersecurity we can help.