SitusAMC Cyberattack Triggers Alarm Across Wall Street Banks

The big banks are stepping up their cybersecurity efforts to combat increasing digital threats.
SitusAMC Cyberattack Triggers Alarm Across Wall Street Banks
Wall Street in New York City on April 4, 2025. Samira Bouaou/The Epoch Times
|Updated:
0:00

A cyberattack on a company tied to the real estate lending market has sparked a rush to assess the stolen data and identify affected banks.

SitusAMC, a real estate finance and technology firm, confirmed in a Nov. 22 statement that it became aware of a cyber incident impacting account records and contracts with some of its clients.

The company identified a system intrusion on Nov. 12 and notified customers of potential exposure shortly thereafter.

“We commenced an investigation with the assistance of leading experts, notified (and continue to cooperate with) federal law enforcement authorities, and began taking measures to assess and contain the incident,” the New York City-based company said. “The incident is now contained and our services are fully operational. No encrypting malware was involved.”

The extent of the incident is still under investigation by the company and third-party advisors, SitusAMC added. It also remains unknown who was behind the data breach.

SitusAMC has more than 1,500 clients, including major Wall Street banks such as Citigroup, JPMorgan Chase, and Morgan Stanley. The technology vendor also works with asset managers, insurance firms, pension funds, and private equity firms.

Wall Street firms are often targeted by hackers because they possess sensitive client data.

Spending Big on Cybersecurity

This past summer, security firm KnowBe4 estimated that financial services companies worldwide experience up to 300 times as many cyber incidents each year as other industries. Last year saw a 25 percent year-over-year increase in these events.

Third-party infiltration has been the most common tactic in cyberattacks, with 97 percent of major U.S. financial institutions reporting a third-party breach in 2024.

“The United States financial sector, by far the most exposed to cyber threat, had the strongest surge in 2024, and the highest overall malicious cyber activities (19.10%),” the firm said in “Financial Sector Threats: The Shifting Landscape,” an August report. “It was the primary target for both ransomware attacks (60.47%) and infostealer campaigns (18.81%).”

As a result, the finance industry is spending billions on cybersecurity.

JPMorgan Chase, for example, spends $15 billion annually to combat cyber threats.

“The fraudsters get smarter, savvier, quicker, more devious, more mischievous,” Mary Callahan Erdoes, the bank’s asset and wealth management chief, said at a World Economic Forum event in January 2024. “It’s so hard, and it’s going to become increasingly harder, and that’s why staying one step ahead of it is really the job of each and every one of us.”

Citigroup said last year that cybersecurity costs were “one of the most rapidly growing expense line items” for the financial institution.
Most U.S. banks are intensifying their cybersecurity efforts by relying on artificial intelligence (AI), according to KPMG’s “2025 Banking Survey Technology,” released this past summer.

But while banks are also employing AI-driven strategies, unscrupulous individuals and outfits are using the same technology for nefarious purposes.

AI-powered cyberattacks are becoming more common—and more advanced. Ransomware attacks, malicious agent-based AI, deepfakes, social-engineering attacks, and AI-fueled phishing have become ubiquitous in cybercrime as technology continues to evolve.

The JPMorgan Chase & Co. headquarters along Park Avenue in New York on Sept. 20, 2016. (Benjamin Chasteen/The Epoch Times)
The JPMorgan Chase & Co. headquarters along Park Avenue in New York on Sept. 20, 2016. Benjamin Chasteen/The Epoch Times
Earlier this month, AI startup Anthropic published a report identifying “the first reported AI-orchestrated cyber espionage campaign.”

“The attackers used AI’s ‘agentic’ capabilities to an unprecedented degree—using AI not just as an advisor, but to execute the cyberattacks themselves,” the report stated.

“The threat actor—whom we assess with high confidence was a Chinese state-sponsored group—manipulated our Claude Code tool into attempting infiltration into roughly thirty global targets and succeeded in a small number of cases.”

As the private and public sectors continue to construct vast digital fortresses, global cybersecurity spending is expected to reach $213 billion by year-end, according to the consultancy firm Gartner. This represents a more than 10 percent increase from the previous year.

The trend, says Ruggero Contu, senior director analyst at Gartner, will persist for years to come.

“Established security spending will continue as normal, but some organizations are being more cautious with any new security spending in this highly uncertain and challenging climate,” Contu said in the July report.

“However, higher defense budgets, rising threats, increasing regulatory pressure and better cybersecurity awareness—especially among small and medium-sized businesses—will keep cybersecurity spending strong in the medium to long term.”

Google LogoMark Us Preferred on Google
Andrew Moran
Andrew Moran
Author
Andrew Moran has been writing about business, economics, and finance for more than a decade. He is the author of "The War on Cash."