The Financial Industry Regulatory Authority (FINRA) issued an update for member firms on a recent security incident involving SitusAMC, a technology services company that provides solutions to commercial and real estate banks and financiers.
On Nov. 12, 2025, SitusAMC confirmed threat actors breached its systems and accessed sensitive client data, exposing corporate information, accounting records and legal agreements tied to major financial institutions. This is data that could be abused to target member firm customers through their fourth-party relationship to SitusAMC via its banking arrangements.
The breach potentially impacted major U.S. financial banking institutions, along with pension funds and state governments that rely on SitusAMC’s services. Among the possible exposures are:
- Unauthorized access to SitusAMC’s systems, enabling access to corporate data;
- Theft of accounting records and legal agreements associated with banking customers’ relationships with SitusAMC;
- Exposure of potentially billions of loan-related documents, given SitusAMC processes such documents annually; and
- Potential compromise of extensive personal information, including Social Security numbers, financial account details, and employment records contained in loan applications.
In its alert, FINRA explained that the main goal appeared to be large-scale data theft—leveraging stolen corporate information, accounting records, and legal agreements for potential follow-on attacks or extortion. The goal did not appear to be the deployment of malware.
In the new alert, FINRA reported that SitusAMC said the incident is “now contained” with all systems remaining operational. The company is working to identify and notify impacted clients.
“SitusAMC has been diligently working on our data review process, and the current phase of that process includes conducting keyword searches to identify our clients’ names in certain file paths that we know were impacted,” SitusAMC officials said in the Nov. 25 update.
Member firms can monitor the incident for any updates on SitusAMC’s website.
FINRA recommends that member firms discuss with their critical banking vendors if they have been impacted by the incident and what steps need to be taken to remediate and contain the incident.