SitusAMC, a major provider of back-end services for leading banks and lenders, has confirmed a SitusAMC data breach that resulted in the compromise of certain client and customer information. The SitusAMC data breach incident, discovered earlier this month, has raised concerns due to the company’s extensive role in mortgage origination, servicing, and compliance within the real-estate financing ecosystem.
Responding to The Cyber Express team query, Michael Franco, Chief Executive Officer (CEO) of SitusAMC, said, “We recently became aware of a data security incident impacting certain of our systems. We promptly retained leading third-party experts, launched an investigation, and notified law enforcement. The incident has been contained and SitusAMC is fully operational. No encrypting malware was deployed on our systems. We are in direct contact with our clients about this matter. We remain focused on analyzing any potentially affected data and will provide updates directly to our clients as our investigation progresses.”
According to the company’s disclosure, SitusAMC became aware of the incident on November 12, 2025, and later determined that specific information stored on its systems had been accessed without authorization. While the full scope of the SitusAMC data breach remains under investigation, the company stated that the impacted information includes corporate data associated with clients, such as accounting records and legal agreements, along with certain data belonging to clients’ customers.
SitusAMC emphasized that the incident did not involve encrypting malware and that its operational services continue to run without disruption. External cybersecurity experts and federal law enforcement authorities are assisting in the ongoing investigation.
SitusAMC Data Breach Details
In its public notice, the company disclosed that upon detecting the incident, immediate steps were taken to investigate, contain, and secure its systems. The firm began working closely with third-party specialists and notified federal law enforcement to ensure a coordinated response.
SitusAMC reiterated that although some information was compromised, all services remain fully operational. No ransomware activity or system encryption was detected, indicating that the attack did not follow the pattern of typical extortion-driven breaches.
The company is continuing to analyze the impacted data and remains in close contact with affected clients.
In response to the breach, SitusAMC implemented several additional security measures aimed at strengthening its environment against further threats. These steps include resetting credentials, disabling certain remote access tools, updating firewall rules, and enhancing internal security configurations.
The company noted that it is still determining which specific services and products may have been affected. However, early assessments indicate that core business operations remain intact.
Impact on Client and Customer Data
The company confirmed that certain client business information was accessed during the incident. This includes internal corporate data and documentation related to client relationships. SitusAMC also stated that some customer information tied to clients may have been impacted, though the nature and extent of this exposure is still being assessed.
SitusAMC assured stakeholders that it is working “around the clock” alongside its advisors to determine the full level of impact and will provide updates as the investigation progresses.
Customer Notification and Transparency
To maintain transparency, the company publicly released an example of the customer notification letter distributed on November 22, 2025. The letter outlines what occurred, the types of information potentially exposed, and the steps being taken to safeguard systems moving forward.
In the letter, the company reiterated that the incident is contained, services remain fully operational, and no encrypting malware was used. Clients were encouraged to reach out to the company’s security team for additional queries.
