Data Breach

Updated December 29, 2025

Media Inquiries: mediarelations@situsamc.com

STATEMENT

November 22, 2025 - On November 12, 2025, SitusAMC (“we” or the “Company”) became aware of an incident that we have now determined resulted in certain information from our systems being compromised. Corporate data associated with certain of our clients’ relationship with SitusAMC such as accounting records and legal agreements has been impacted. Certain data relating to some of our clients’ customers may also have been impacted. The scope, nature and extent of such impact remains under investigation by the Company and its third-party advisors.

Upon becoming aware of the incident, we commenced an investigation with the assistance of leading experts, notified (and continue to cooperate with) federal law enforcement authorities, and began taking measures to assess and contain the incident. The incident is now contained and our services are fully operational. No encrypting malware was involved.

We are in direct, regular contact with our clients about this matter. We remain focused on analyzing any potentially affected data and will provide updates directly to our clients as our investigation progresses.

_______________

UPDATE
December 29, 2025

As we head into the year-end and now that our forensic investigation has concluded, we wanted to provide a update about our response to the security incident.

Forensic Investigation

The incident is contained, the threat actor was eradicated from the SitusAMC environment, and the forensic investigation is now closed. There is no evidence of ongoing persistence of the threat actor in the network, and all known vectors for access by the threat actor and unauthorized software have been removed. As previously stated, this incident did not involve encrypting or ransomware.

Data Impact

SitusAMC is working with counsel and leading experts on the data review, including searching for any consumer personally identifiable information (PII) or sensitive confidential information that may have been involved in this incident.

Going Forward

We expect this to be our last update until the data review process is complete. We will contact our customers at the conclusion of the data review once we confirm consumer PII and/or sensitive confidential information is contained in any impacted files related to the relevant customer.

Thank you again for your continued patience and partnership and we wish you a happy new year.

Past Updates & Resources

Past Updates

December 09, 2025

December 01, 2025

November 25, 2025

Questions?

securitynotice@situsamc.com

Media Inquiries

mediarelations@situsamc.com

Frequently Asked Questions

On November 12, 2025, the Company became aware of an incident that we have now determined resulted in certain information from our systems being compromised. Upon becoming aware of the incident, the Company commenced an investigation with the assistance of leading experts, notified (and continues to cooperate with) federal law enforcement authorities, and began taking measures to assess and contain the incident. Our services are fully operational, and the incident did not involve encrypting malware.

Upon learning of the incident, we took prompt steps to investigate the nature and scope of the incident with the assistance of leading, third-party experts. We also notified and began cooperating with law enforcement. Additional hardening measures since the incident include, among others, implementing credential resets, disabling remote access tools, updating certain firewall rules, and enhancing certain security settings.

The scope, nature, and extent of the impact to clients’ data remains under investigation by the Company and its third-party advisors. We are communicating directly with impacted clients to inform them that we identified that their data was impacted. To date, we have identified that such data includes: (i) SitusAMC corporate files that generally include legal contracts and accounting documents, (ii) files associated with our residential Collateral and Asset Management (CAM) system, (iii) a smaller number of other records related to various businesses at SitusAMC, and (iv) records associated with loan file due diligence in our residential business. We are working diligently to review the impacted files and will notify you directly if we identify additional impacted files related to you.

Sample Client Letter

Dated November 25, 2025

Dear Client,

Following up on our prior communications, on or about November 12, 2025, SitusAMC (“we” or the “Company”) became aware of an incident that resulted in certain information from our systems being compromised. As described further below, we have now confirmed that certain information related to you was acquired by an unauthorized third-party during the incident.

What Information Was Involved: While our investigation remains ongoing, we want to provide you with an update regarding certain information related to you that we have determined was acquired by the unauthorized actor. Specifically, we have file paths associated with certain files that were acquired by the unauthorized actor. We conducted word searches against these file paths to identify file paths that include your name in the file path. The searched file paths are related to (i) files associated with our residential Collateral and Asset Management (CAM) system, and (ii) SitusAMC corporate files that generally include legal contracts and accounting documents. We note that this is not a review of the content of any impacted files, but rather a listing of relevant file paths likely related to you. A list of these file paths is attached hereto for your review.

We are working to review the impacted files and intend to provide you with access to the files that belong to you or your customers via a virtual data room. In addition, as we have previously advised, our investigation remains ongoing. We will notify you if we identify additional impacted files related to you, including loan files associated with residential loan file reviews.

How We Responded: Upon becoming aware of the incident, the Company commenced an investigation with the assistance of leading experts, notified and is continuing to cooperate with federal law enforcement authorities, and began taking measures to assess and contain the incident.

Our systems and services remain fully operational, and we are providing full service to our clients. The incident is contained and did not involve encrypting malware.

What We Are Doing: Upon learning of the incident, we took prompt steps to investigate the nature and scope of the incident with the assistance of leading experts. We notified and continue to closely coordinate with federal law enforcement. We took measures to further secure our systems and are monitoring them to further identify any data that may have been impacted.

We take this matter and the security of our clients’ information very seriously. If you have additional questions, please reach out to securitynotice@situsamc.com. Thank you for your ongoing partnership with SitusAMC.

Sincerely,

SitusAMC

Commercial Real Estate

Residential Real Estate

Resources & Insights

Our Company

SitusAMC Recognized for Sustainability Leadership by EcoVadis

SitusAMC Appoints Joe McBride as Senior Director of CRE Revenue

Data Breach

STATEMENT

Past Updates & Resources

Past Updates

Questions?

Media Inquiries

Frequently Asked Questions

Sample Client Letter

SitusAMC Recognized for Sustainability Leadership by EcoVadis

SitusAMC Appoints Joe McBride as Senior Director of CRE Revenue

Data Breach

STATEMENT

Past Updates & Resources

Past Updates

Questions?

Media Inquiries

Frequently Asked Questions

What happened?

What measures has SitusAMC taken in response?

Can you confirm whether my company’s data was impacted? What does the impacted data contain?

When will you be able to provide another update?

Sample Client Letter

Keep up with the latest news and perspectives in real estate