Major Wall Street banks are assessing the impact of a data hack at real-estate software firm SitusAMC, which serves more than 1,500 clients, including JPMorgan Chase and Citi. The breach has raised concerns about client account records and legal agreements. SitusAMC confirmed the incident late Saturday, saying the breach is contained and its services are fully operational. The company added that no encrypting malware was involved. The firm first detected unauthorized access on November 12 and quickly notified potentially affected clients. While notifications were sent broadly, it remains unclear which client data was actually accessed. JPMorgan Chase and Citi declined to comment on whether their information was compromised. The FBI has opened an investigation into the incident. “While we are working closely with affected organizations and our partners to understand the extent of potential impact, we have identified no operational impact to banking services,” FBI Director Kash Patel said. “We remain committed to identifying those responsible and safeguarding the security of our critical infrastructure.” Cybersecurity experts note that even large banks, which invest hundreds of millions of dollars annually in protecting systems, remain vulnerable due to interconnected vendors. SitusAMC’s breach highlights the risks posed by third-party technology providers. “The SitusAMC breach is a stark reminder that the weakest links may be buried deep within the technology partnerships and vendor dependencies that fuel critical operations,” said Munish Walther-Puri, head of critical digital infrastructure at TPO Group. “When one trusted vendor falters, the ripple can expose the intricate web of unseen risk that binds the sector together; resilience is not just a policy, but a collective responsibility,” he added. The breach underscores growing concerns over cybersecurity in financial services. Even though the sector is known for strong defenses, hackers continually target the industry, exploiting vulnerabilities in smaller firms and service providers. SitusAMC did not disclose the full extent of the data stolen. The firm’s software is widely used by banks for real-estate loans, mortgage processing, and client account management. Any compromise could potentially affect multiple financial institutions simultaneously. Industry analysts say the incident may prompt banks to review their technology partnerships and strengthen monitoring of vendor networks. “Financial firms must continuously evaluate third-party security risks, as attackers often look beyond direct systems to exploit supply-chain weaknesses,” Walther-Puri noted. The FBI and SitusAMC are working to determine the full scope of the breach, while banks are monitoring for any signs of misuse of exposed data. For now, there is no evidence that banking operations have been disrupted. The incident illustrates the challenges of cybersecurity in highly interconnected sectors. Even well-protected institutions rely on external technology providers, creating potential vulnerabilities that can affect the broader financial ecosystem. As investigations continue, Wall Street banks are expected to implement additional safeguards, strengthen oversight of vendor access, and enhance internal controls to prevent similar breaches in the future.