Data Breach at SitusAMC Exposes Client Information, Raising Security Concerns
Full Transcript
SitusAMC, a real estate finance services provider, reported a data breach impacting client data on November 12, 2025. The company, which generates about one billion dollars in annual revenue from 1,500 clients, including major banks like Citigroup, Morgan Stanley, and JPMorgan Chase, discovered the breach earlier this month.
While ongoing investigations, aided by external experts, are taking place, SitusAMC assured that business operations remain unaffected and confirmed that no encrypting malware was utilized against its systems.
The breach reportedly compromised corporate data tied to client relationships with SitusAMC, including accounting records and legal agreements. Additionally, data pertaining to some of the clients' customers may have also been involved.
According to a statement from Michael Franco, the CEO of SitusAMC, the company is directly communicating with clients about the incident and is focused on analyzing potentially affected data. On November 15, three days after the initial security alert, SitusAMC determined it was a breach and began informing residential customers on November 16.
Updates were continually provided to these customers, with direct notifications sent to those affected by November 22. The exact number of impacted customers is not yet clear, given the complex nature of the operations and data involved.
Bleeping Computer has reached out to Citigroup, Morgan Stanley, and JPMorgan Chase for comments regarding the breach and whether their clients' data was compromised, but no immediate responses have been received.
This incident raises significant concerns about data security within the banking sector, especially as financial institutions increasingly rely on technology for their operations. As the investigation continues, SitusAMC has committed to providing further updates to its clients regarding the breach and its implications.
With the ongoing reliance on digital systems in finance, safeguarding client information has become more critical than ever, making this breach a pivotal point of discussion among industry stakeholders.