SitusAMC Data Breach Affects 658,333 Individuals: SSNs, Addresses, and Other PII Exposed

On Nov. 12, 2025, SitusAMC Holdings Corporation, a major provider of technology and advisory solutions for the real estate finance industry, discovered unauthorized access to certain systems within its information technology network. The company launched an investigation with the help of third-party cybersecurity experts and notified federal law enforcement.

The investigation determined that an unauthorized third party acquired data from specific SitusAMC systems. The breach occurred between Nov. 12 and Nov. 19, 2025, resulting in the compromise of both corporate and personal data.

Impacted information included corporate data such as accounting records and legal agreements relating to client relationships with SitusAMC. For individuals, the exposed personally identifiable information (PII) varied but may have included name, address, date of birth, driver's license, government-issued ID numbers, financial account information, and Social Security number.

The breach was disclosed to the California Attorney General, the Massachusetts Office of Consumer Affairs and Business Regulation, New Hampshire Attorney General, Oregon Attorney General, Texas Attorney General, and the Vermont Attorney General. The company also posted a disclosure of the incident on its website, updating the page as more information was discovered.

The total number of affected individuals was determined to be 658,333, including 36,827 residents of Texas, previously 36,364, 449 residents of Massachusetts, and 51 residents of New Hampshire were affected.

SitusAMC's response

SitusAMC is offering 24 months of complimentary identity theft protection and credit monitoring through IDX, a data breach and recovery services provider. This service includes credit and CyberScan monitoring, a $1,000,000 insurance reimbursement policy and fully managed identity theft recovery services.

Impacted individuals received letters with instructions on how to enroll in these services and a dedicated phone number for further assistance.

The company also encourages all potentially affected individuals to remain vigilant for signs of fraud or identity theft, review account statements and credit reports, and consider placing fraud alerts or security freezes on their credit files.