Major Banks Assess Impact of Third-Party Breach
Financial institutions including JPMorgan Chase, Citigroup, and Morgan Stanley are evaluating the fallout from a significant data breach at one of their third-party service providers, SitusAMC. The breach, which also affected Fidelity National Financial (FNF), exposed the sensitive personal data of a large number of customers. SitusAMC, a provider of technology and services to the real estate finance industry, was compromised through a ransomware attack on its parent company, SitusACC.
The incident highlights the persistent risks associated with third-party vendors in the financial sector. The data exposure originated from a cybersecurity event that directly impacted the systems of a company entrusted with sensitive client information by some of the world’s largest banks.
BlackCat Ransomware Attack Details
According to a data breach notification filed with the Maine Attorney General’s Office on June 16, 2023, SitusACC detected suspicious activity on its network on January 31, 2023. The investigation determined that an unauthorized party had accessed certain systems. The cybercriminal group responsible for the attack was identified as BlackCat/ALPHV, a known ransomware-as-a-service operation.
The breach notification confirmed that a wide range of personally identifiable information (PII) was compromised. This included names, addresses, Social Security numbers, driver’s license numbers, tax identification numbers, loan numbers, and financial account information, including credit card details. SitusACC notified over 133,000 individuals about the incident. In a separate filing, Fidelity National Financial reported that the same breach impacted 1.3 million of its own customers. In response to the breach, SitusAMC has offered affected individuals two years of complimentary credit monitoring and identity theft protection services.
Concise Cyber 