SitusAMC, a global consulting and technology firm serving major financial institutions, suffered a **smash-and-grab data breach** where hackers stole **corporate data** (e.g., accounting records, legal agreements) and **client-related customer data**. The breach impacted SitusAMC’s internal systems as well as sensitive information belonging to its high-profile clients, including major banks (e.g., JPMorgan Chase, Citigroup), mortgage lenders, private-equity firms, and institutional investors. The FBI was notified, and third-party cybersecurity experts were engaged to investigate. The attack was **not ransomware** but involved unauthorized exfiltration of data, with no immediate disclosure of the threat actors or the full scope of compromised records. The incident poses risks to financial confidentiality, regulatory compliance, and client trust, though the exact financial or operational repercussions remain undisclosed as investigations continue.
SitusAMC cybersecurity rating report: https://www.rankiteo.com/company/situsamc
"id": "SIT2492624112625",
"linkid": "situsamc",
"type": "Breach",
"date": "11/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Real Estate Finance (Consulting, '
'Technology, Outsourced Services)',
'location': 'Global (Headquartered in the United '
'States)',
'name': 'SitusAMC',
'type': 'Corporation'},
{'industry': 'Financial Services',
'name': 'UBS Realty Investors',
'type': 'Client'},
{'industry': 'Banking',
'name': 'JPMorgan Chase',
'type': 'Client'},
{'industry': 'Real Estate Investment',
'name': 'Hines',
'type': 'Client'},
{'industry': 'Banking',
'name': 'Citigroup',
'type': 'Client'},
{'industry': 'Financial Services',
'name': 'Morgan Stanley',
'type': 'Client'}],
'data_breach': {'data_exfiltration': True,
'personally_identifiable_information': 'Potential '
'(undisclosed)',
'sensitivity_of_data': 'High (sensitive corporate and client '
'financial/legal data)',
'type_of_data_compromised': ['Corporate data (accounting '
'records, legal agreements)',
'Client customer data']},
'description': 'A global firm providing consulting, technology, and '
'outsourced services to major banks and mortgage lenders '
'suffered a data breach. Hackers stole sensitive corporate '
'data and client details, including accounting records and '
"legal agreements. The attack was a 'smash-and-grab' (not "
'ransomware), and the FBI is investigating. Affected clients '
'may include major banks and mortgage lenders, though '
'specifics remain undisclosed.',
'impact': {'brand_reputation_impact': 'Potential (undisclosed)',
'data_compromised': ['Corporate data (accounting records, legal '
'agreements)',
'Client data (customer details)'],
'identity_theft_risk': 'Potential (undisclosed)'},
'initial_access_broker': {'high_value_targets': ['Corporate data (accounting, '
'legal)',
'Client customer data']},
'investigation_status': 'Ongoing (FBI involved)',
'ransomware': {'data_exfiltration': True},
'references': [{'source': 'TechCrunch (via TechRadar)'}],
'response': {'communication_strategy': 'Public announcement on website; media '
'outreach (limited responses from '
'clients)',
'incident_response_plan_activated': True,
'law_enforcement_notified': True,
'third_party_assistance': True},
'stakeholder_advisories': 'Limited (public announcement; clients declined to '
'comment)',
'title': 'SitusAMC Data Breach Exposing Corporate and Client Data',
'type': 'Data Breach (Smash-and-Grab)'}