Third-party breaches accelerating: The SitusAMC incident is part of a broader trend of increasing cyberattacks targeting third-party vendors in the financial services sector. Third parties accounted for 30% of data breaches in 2024, a 15% increase from 2023, according to Venminder’s State of Third-Party Risk Management 2025 survey. The survey found 49% of organizations experienced third-party cybersecurity incidents last year.The financial services sector has seen particularly heavy vendor-related cyberattack activity. FINRA observed a large increase in incidents during the first half of 2024, with threat actors targeting vulnerabilities in system management tools and technology products used by third-party providers. Notable incidents in 2024 included data breaches at Microsoft, Snowflake, and Dropbox that had a widespread impact on financial services firms.In October, the New York Department of Financial Services issued guidance emphasizing that regulated entities remain fully responsible for cybersecurity when outsourcing to service providers.The SEC also amended Regulation S-P in 2024 to require firms’ incident response programs to include written policies for overseeing service providers through due diligence and monitoring. The regulation requires firms to establish, maintain, and enforce written policies reasonably designed to require oversight of service providers.FINRA has also reminded member firms of their supervisory obligations related to outsourcing to third-party vendors. The self-regulatory organization noted that firms have an obligation to establish and maintain a supervisory system for any activities or functions third-party vendors perform.
Investigation continues: The company has established a dedicated email for inquiries and said that it will provide updates to clients as the investigation progresses. The advisory did not specify how many institutions or customers may be affected or give a timeline for completing the forensic investigation. “We are in direct, regular contact with our clients about this matter,” SitusAMC said in the statement. “We remain focused on analyzing any potentially affected data and will provide updates directly to our clients as our investigation progresses.”
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4095182/jpmorgan-citi-morgan-stanley-assess-fallout-from-situsamc-data-breach.html
