A significant cybersecurity incident at SitusAMC, a leading provider of technology and services to the real estate finance industry, has placed several of the nation’s largest banks under scrutiny. The breach, discovered earlier this month, has exposed sensitive corporate documents and potentially impacted data related to bank customers.
The Incident
SitusAMC confirmed that it became aware of unauthorized activity on its systems on November 12, 2025. While the investigation is ongoing, the company has determined that corporate data associated with client relationships—specifically accounting records and legal agreements—was compromised.
The company explicitly stated that the attack did not involve encrypting malware (ransomware that locks users out of their systems), and their operations remain fully functional. However, the firm acknowledged that “certain data relating to some of our clients’ customers may also have been impacted.”
Wall Street Impact
While SitusAMC did not name specific clients in its public transparency letter, the breach is believed to have reached data belonging to banking giants JPMorgan Chase, Citi, and Morgan Stanley.
As of this morning, these financial institutions have not publicly commented on the specific extent of the exposure. SitusAMC noted that they are currently in “direct, regular contact” with their clients to assess the damage.
Third-Party Risk
This incident highlights the growing danger of third-party vendor risk in the financial sector. While the banks themselves were not directly breached, their data was vulnerable through a service provider. Federal law enforcement is actively investigating the intrusion, noting that while they are working with affected organizations, there is currently no observed impact on day-to-day banking operations.
Protect Yourself: How to Freeze Your Credit
In the wake of breaches involving financial data and mortgage records, the single most effective step you can take to protect your identity is to freeze your credit.
A security freeze prevents potential creditors from accessing your credit file. Since most businesses will not open credit accounts without checking your credit history, a freeze effectively stops identity thieves from opening new accounts in your name.
Steps to Take Immediately:
-
Freeze at All Three Bureaus: You must place a freeze at each of the three major credit reporting agencies individually. It is free to do so by law.
-
Experian: experian.com/freeze
-
TransUnion: transunion.com/credit-freeze
-
Check Your Reports: Go to AnnualCreditReport.com to download your credit reports for free. Review them specifically for:
-
Accounts you didn’t open.
-
Inquiries from companies you don’t recognize.
-
Incorrect personal information (like a wrong address).
-
Remember, freezing your credit does not affect your credit score, and you can temporarily lift the freeze instantly if you need to apply for a loan or credit card yourself.
Feeling lost in the digital world? Dr. Tom is here to help!
Join Dr. Tom every week in his column, Dr. Tom’s Cyber Bits and Tips, for byte-sized advice on all things cyber and tech. Whether you’re concerned about online safety, curious about the latest cybercrime trends, or simply want to navigate the ever-evolving digital landscape, Dr. Tom has you covered.
From practical cybersecurity tips to insightful breakdowns of current threats, Dr. Tom’s column empowers you to stay informed and protect yourself online. So, dive in and get savvy with the web – with Dr. Tom as your guide!
Sign up for our Sunday Spectator. Delivered to your inbox every Sunday, with all the news from the week.
