A data breach at SitusAMC has affected several major US banks after attackers breached the finance technology company’s network.
The New York City-based company learned of the data breach on November 12 and launched an investigation involving third-party cyber experts and notified law enforcement.
“On November 12, 2025, SitusAMC (“we” or the “Company”) became aware of an incident that we have now determined resulted in certain information from our systems being compromised,” the company stated.
SitusAMC confirms data breach affecting major US Banks
SitusAMC says the data breach was contained, and the threat actor did not deploy ransomware. The cyber attack also did not affect operations at the company.
“The incident is now contained and our services are fully operational,” SitusAMC said. “No encrypting malware was involved.”
However, the company is still assessing the nature of the stolen information and the names of the major US banks impacted. SitusAMC says its clients’ and their customers’ data, which includes account details and legal documents, were compromised.
“Corporate data associated with certain of our clients’ relationship with SitusAMC such as accounting records and legal agreements has been impacted. Certain data relating to some of our clients’ customers may also have been impacted,” the company said.
Describing itself as an end-to-end solutions provider of “origination, transaction, management and valuations of real estate debt and equity,” SitusAMC has access to extensive personal and financial information.
The company serves over 1,500 clients, including major US banks, real estate companies, and insurance firms, making the data breach more significant. It also works with state-level government agencies, such as the State Board of Administration of Florida, in real estate valuation and loan administration.
“SitusAMC manages billions of loan documents annually for banks and mortgage lenders, meaning a single compromise can spread risk across the broader financial sector,” warned Steve Cobb, Chief Information Security Officer at SecurityScorecard.
Major US banks JPMorgan Chase and Citi impacted by the SitusAMC data breach
On November 22, SitusAMC contacted all clients to inform them that it was the victim of a cyberattack and that client information was likely exposed. On November 25, the company notified major US banks whose names appeared in the file paths of compromised documents, suggesting that they were impacted.
“SitusAMC has been diligently working on our data review process, and the current phase of that process includes conducting keyword searches to identify our clients’ names in certain file paths that we know were impacted,” the company said.
So far, SitusAMC has already notified major US banks JPMorgan Chase and Citi that they were affected. Others, such as Morgan Stanley, were also reportedly impacted by the data breach and are assessing the scope of the incident.
However, the total number of impacted customers remains under investigation, and the contacted victims have yet to issue public statements at the time of publication.
“We are in direct, regular contact with our clients about this matter. We remain focused on analyzing any potentially affected data and will provide updates directly to our clients as our investigation progresses,” the company stated.
Meanwhile, the Federal Bureau of Investigation (FBI) has joined the probe, underscoring the gravity of the cyber attack. According to FBI Director Kash Patel, the agency is committed to identifying the perpetrators and ensuring cybersecurity.
“We remain committed to identifying those responsible and safeguarding the security of our critical infrastructure,” Patel said.
At the time of publication, no cybercrime gang has taken responsibility for the SitusAMC data breach, and no ransom demands have been disclosed.
“The breach illustrates how attackers are shifting toward quietly extracting sensitive information instead of causing immediate disruption. That change in tactics makes detection harder and raises the stakes for organizations that depend on vendor managed data,” added Cobb. “This shows why banks, and their suppliers, must elevate vendor risk management to the same level as internal security. Every partner that touches nonpublic data is a potential exposure point. Organizations need continuous visibility into the health of their vendor ecosystem along with real time validation that partner controls are functioning.”
