Article Details

Intrusion at real estate finance biz sparks concern for big banks. SitusAMC rules out ransomware, but accounting records for major institutions potentially affected. Real estate finance business SitusAMC says thieves sneaked into its systems earlier this month and made off with confidential client data. The full breadth of what that data entails remains under investigation, but the company said accounting records and legal agreements were stolen, and in some cases its clients' customer data may also be affected. New York City-based SitusAMC said it is working with federal law enforcement and other experts to investigate the attack, which was confirmed on November 15 and did not involve "encrypting malware." Notifications were sent to customers suspected of being affected on November 16, and all customers were informed on November 22. It said in a statement: "Upon learning of the incident, we took prompt steps to investigate the nature and scope of the incident with the assistance of leading experts. We also notified and began cooperating with law enforcement. We took measures to further secure our systems and are monitoring them to further identify any data that may have been impacted." The full scope of the attack is still being assessed, and the company did not name any of its clients, affected or otherwise. However, reporting from the New York Times suggests major banks could be caught up in the intrusion. Citing anonymous sources, the newspaper reported that Citi, JPMorgan Chase, and Morgan Stanley were among the institutions that were notified as being potentially affected by the tech vendor. The Register contacted all three for more information. JPMorgan Chase declined to comment, while the other two did not respond immediately. The FBI confirmed it is working with SitusAMC on its investigation, and supported the company's claim that its services remain fully operational. It said that the steps it took to harden systems against future attacks include resetting staff credentials, disabling remote access tools, updating firewall rules, and enhancing security settings. According to SitusAMC's website, it has more than 1,500 clients, including top banks, private equity firms, asset managers, insurance companies, and more. The vendor offers a range of services across residential and commercial real estate, including regulation and compliance assessments, asset management, and valuation. It has more than 25 offices worldwide, and while its offerings in Europe do not cover residential mortgages as it does in the US, it holds a significant stake in the commercial real estate space, overseeing a portfolio worth more than €105 billion ($121 billion). SitusAMC said it is still working to understand which products and services were affected by the attack, and it did not say whether the impact was limited to certain markets. According to SitusAMC's statement: "The company and its third-party advisors are working around the clock on our investigation, and we will provide another update as we have more information to share and as appropriate."