Article Details

Real-estate finance services giant SitusAMC breach exposes client data. SitusAMC, a company that provides back-end services for top banks and lenders, disclosed on Saturday a data breach it had discovered earlier this month that impacted customer data. As a real-estate (commercial and residential) financing firm, SitusAMC handles back-office operations in areas like mortgage origination, servicing, and compliance for banks and investors. The company generates around $1 billion in annual revenue from 1,500 clients, some of whom are banking giants like Citi, Morgan Stanley, and JPMorgan Chase. While investigations with the help of external experts are ongoing, the company underlined that business operations haven't been affected and no encrypting malware was deployed on its systems. SitusAMC stated that data from some of its clients, as well as their customers' data, were compromised as a result of the breach, though it didn't name any companies. "On November 12, 2025, SitusAMC became aware of an incident that we have now determined resulted in certain information from our systems being compromised," reads the statement. "Corporate data associated with certain of our clients' relationship with SitusAMC such as accounting records and legal agreements has been impacted. Certain data relating to some of our clients' customers may also have been impacted." SitusAMC promised to provide further updates as the investigation progresses. In a statement to BleepingComputer, the company CEO said that SitusAMC is fully operational and clients are contacted directly about the incident. "We are in direct contact with our clients about this matter. We remain focused on analyzing any potentially affected data and will provide updates directly to our clients as our investigation progresses" - Michael Franco, SitusAMC CEO While SitusAMC received a security alert related to the incident on November 12, the company determined three days later that it was a breach and started to inform its residential customers on November 16 that it was investigating the attack. The company continued to deliver updates to these customers and contacted those impacted by the breach individually up to November 22, when it notified all its clients and confirmed that data was stolen in the attack. Due to the complexity of operations and data involved, it is unclear how many customers are impacted, and determining all of them will take a while. BleepingComputer has contacted Citi, Morgan Stanley, and JPMorgan Chase to ask if SitusAMC notified them of a data breach and if their clients' data was compromised. A comment was not immediately available from any of the organizations. 7 Security Best Practices for MCP As MCP (Model Context Protocol) becomes the standard for connecting LLMs to tools and data, security teams are moving fast to keep these new services safe. This free cheat sheet outlines 7 best practices you can start using today.