Industry - Data Breach
Executive Summary
SitusAMC Holdings Corp., a mortgage industry services provider, suffered a data breach in November 2025 that compromised customer records including accounting data and legal agreements, potentially affecting clients of JPMorgan Chase, Citi, and Morgan Stanley. A federal judge has consolidated eight class-action lawsuits into one case, with plaintiffs alleging the company failed to adequately protect their personal information through negligent security practices. The company completed its for...
What Happened
SitusAMC Holdings Corp., a mortgage industry services provider, discovered a data breach on November 12, 2025, that compromised customer records including accounting data and legal agreements. The breach potentially affected personal information belonging to customers of major financial institutions including JPMorgan Chase, Citi, and Morgan Stanley. Eight separate class-action lawsuits filed by affected individuals have been consolidated into one case in federal court in New York, with a lead plaintiff seeking at least $5 million in damages. SitusAMC completed its forensic investigation by December 29, 2025, and stated the incident was contained with no encryption malware involved.
Who Is Affected
The breach potentially affects customers of JPMorgan Chase, Citi, and Morgan Stanley who had their personal information stored in SitusAMC's systems as part of mortgage servicing operations. Seven of the eight named plaintiffs in the consolidated lawsuit are JPMorgan Chase customers. The exact number of affected individuals remains undisclosed, though one complaint suggests at least hundreds of thousands of people nationwide may have been impacted.
Why It Matters
This breach exposes a systemic vulnerability in the mortgage industry's data supply chain, where third-party service providers hold sensitive customer information from multiple major financial institutions. The plaintiffs allege the compromised data was stored unencrypted and unredacted, suggesting inadequate security practices by a company handling personal information for some of the largest banks in the United States. The consolidation of eight lawsuits signals potentially significant legal and financial consequences for security failures at industry vendors.
What You Should Do
If you are a customer of JPMorgan Chase, Citi, or Morgan Stanley with a mortgage, contact your bank directly to determine if your information was affected and what specific data was compromised. Monitor your credit reports and financial accounts closely for unauthorized activity or signs of identity theft. Consider placing a fraud alert or credit freeze with the major credit bureaus to prevent unauthorized account openings. Watch for official notifications from SitusAMC or your financial institution, which may offer credit monitoring services or additional protective measures.
Summary generated from verified sources and reviewed before publication. How we summarize.
Sources