The $1B finance services provider confirms compromised data tied to banking clients and their customers after a November breach
SitusAMC Confirms Data Breach Affecting Financial Sector Clients
SitusAMC, a leading provider of real-estate finance services, has disclosed a data breach that compromised sensitive client and customer information. The incident, discovered earlier this month, affects data associated with some of the firm’s 1,500 financial services clients, including potential exposure of corporate records and end-customer information.
- SitusAMC supports mortgage origination, servicing, and compliance operations for large banks and investors.
- Notable clients include Citi, Morgan Stanley, and JPMorgan Chase, though none have confirmed their involvement in the breach as of now.
“Certain data relating to some of our clients’ customers may also have been impacted,” said SitusAMC in a public statement.
Breach Timeline: From Detection to Disclosure
- November 12, 2025: SitusAMC received a security alert indicating suspicious activity.
- November 15: The incident was confirmed as a data breach.
- November 16–22: The company began contacting residential customers and clients individually, before formally notifying all clients of confirmed data theft.
CEO Michael Franco reassured clients that operations remain unaffected, noting that no ransomware or encrypting malware was used.
“We are in direct contact with our clients… and will provide updates as our investigation progresses,” Franco said in a statement to BleepingComputer.
What Data Was Compromised
While the investigation is ongoing, the company confirmed that the breach impacted:
- Corporate data:
- Accounting records
- Legal agreements
- Client relationship documentation
- Customer-level data (undisclosed extent):
- Potential exposure of personally identifiable information (PII) tied to client customers
The scale of affected data remains uncertain due to the complexity and volume of the systems involved.
Risk Implications for Financial Institutions
SitusAMC plays a critical role in back-end finance operations, and the breach could potentially impact:
- Mortgage servicing and origination data
- Investor account information
- Legal and regulatory compliance documents
This exposure presents reputational and operational risks, particularly for banks relying on SitusAMC for outsourced customer data handling.
As of now, Citi, Morgan Stanley, and JPMorgan Chase have not responded to requests for comment.
No Operational Disruption, But Investigations Continue
SitusAMC emphasized that core systems remain online, and no ransomware was involved in the breach. External cybersecurity experts are supporting the ongoing investigation.
Clients continue to receive direct updates, and affected individuals are being contacted on a rolling basis as the scope of the breach becomes clearer.
What Comes Next for Clients and Customers
Due to the complex nature of SitusAMC’s operations across residential and commercial real estate finance, the full scope of the breach may take time to establish.
In the meantime, clients are advised to:
- Review access logs for anomalies
- Rotate credentials used in integrations with SitusAMC
- Conduct internal data audits for potential exposure
- Prepare breach notifications if downstream customer PII was involved
Organizations relying on third-party processors must have strong vendor risk management and incident response plans in place for precisely these scenarios.
Real estate finance services giant SitusAMC has confirmed a data breach impacting client and customer data tied to its mortgage and compliance operations. While operations remain online and no ransomware was involved, sensitive corporate records and potentially customer data were accessed. Clients are being notified directly as the investigation unfolds.
