SitusAMC stated that on Nov. 12, 2025, it became aware of an incident that compromised information stored in its systems, including accounting records and client legal agreements, which may also have affected data belonging to its clients’ customers.
“The scope, nature and extent of such impact remains under investigation by the Company and its third-party advisors,” the company wrote in a statement on Nov. 22. “The incident is now contained and our services are fully operational. No encrypting malware was involved.”
SitusAMC, which provides mortgage industry services spanning loan fulfillment, warehouse administration and securities valuation, notified customers JPMorgan Chase, Citi and Morgan Stanley of the incident, The New York Times reported.
Just two days after SitusAMC released its statement, plaintiff Armen Kelechian brought a complaint against the company. The case is now known as the lead case.
Kelechian, a customer of JPMorgan Chase, alleged that SitusAMC “failed to adequately protect Plaintiff’s and Class Members’ Private Information.” He said the unencrypted and unredacted data was compromised due to the defendant’s “negligent and/or careless acts and omissions” and its “utter failure to protect Plaintiff’s and Class Members’ sensitive data.”
The other plaintiffs with near-identical allegations included in the consolidation include Tamica Thomas, Steven Stack, Stacie Phillips, Timothy Le, Marsha Clarke, Judith Lewis and Deidre Dunham. All except Dunham claim they are customers of JPMorgan Chase.
Neither JPMorgan Chase nor SitusAMC immediately returned HousingWire‘s requests for comment.