SitusAMC Data Breach Exposes SSNs, Addresses, and Other PII

On Nov. 12, 2025, SitusAMC Holdings Corporation, a major provider of technology and advisory solutions for the real estate finance industry, discovered unauthorized access to certain systems within its information technology network. The company launched an investigation with the help of third-party cybersecurity experts and notified federal law enforcement.

The investigation determined that an unauthorized third party acquired data from specific SitusAMC systems. The breach occurred between Nov. 12 and Nov. 19, 2025, resulting in the compromise of both corporate and personal data.

Impacted information included corporate data such as accounting records and legal agreements relating to client relationships with SitusAMC. For individuals, the exposed personally identifiable information (PII) varied but may have included name, address, date of birth, driver's license, government-issued ID numbers, and Social Security number.

The breach was disclosed to the California Attorney General, the Massachusetts Office of Consumer Affairs and Business Regulation, Texas Attorney General, and the Vermont Attorney General. The company also posted a disclosure of the incident on its website, updating the page as more information was discovered.

At this time, the total number of affected individuals has not been publicly disclosed; however, 12,701 residents of Texas and 449 residents of Massachusetts were affected.

SitusAMC's response

SitusAMC worked to assess and contain the incident with leading cybersecurity experts to investigate the nature and scope of the attack, notified and cooperated with law enforcement, and implemented additional security measures.

To support those affected, SitusAMC is offering 24 months of complimentary identity theft protection and credit monitoring through IDX, a data breach and recovery services provider. This service includes credit and CyberScan monitoring, a $1,000,000 insurance reimbursement policy and fully managed identity theft recovery services.

Impacted individuals received letters with instructions on how to enroll in these services and a dedicated phone number for further assistance.

The company also encourages all potentially affected individuals to remain vigilant for signs of fraud or identity theft, review account statements and credit reports, and consider placing fraud alerts or security freezes on their credit files.