S
itusAMC, a back‑end services provider for major banks, announced on Saturday that a data breach discovered earlier this month had exposed client and customer data. Earns about $1 billion annually from 1,500 clients. Investigations with external experts are underway; operations remain unaffected and no ransomware was detected. The breach compromised corporate data tied to client relationships—accounting records, legal agreements—and possibly some customer data, though no specific firms were named. “On November 12, 2025, we learned of an incident that compromised certain information in our systems,” the statement read. “Corporate data linked to our clients’ relationships, such as accounting records and legal agreements, has been impacted. Some customer data may also have been affected.” SitusAMC will issue further updates as the probe continues. CEO Michael Franco told BleepingComputer the company is fully operational and is contacting clients directly. “We are in direct contact with our clients about this matter. We remain focused on analyzing any potentially affected data and will provide updates directly to our clients as our investigation progresses,” he said. Alert arrived on November 12; breach confirmed three days later, and residential customers notified on November 16. Individual notifications continued until November 22, when all clients were informed and theft confirmed. BleepingComputer reached out to Citi and JPMorgan for confirmation. If you have information on this or other undisclosed attacks, contact us confidentially via Signal at 646‑961‑3731 or [email protected].

    The 2026 CISO Budget Benchmark report is now available. Over 300 CISOs and security leaders shared their plans, spending and priorities for the upcoming year. The report lets readers benchmark strategies, spot emerging trends and compare priorities as they prepare for 2026. Learn how top leaders turn investment into measurable impact.