
SitusAMC is the leading independent provider of innovative, trusted solutions that support the entire lifecycle of commercial and residential real estate finance, powering more efficient, effective, and agile businesses. We partner with leading lenders and investors to help them originate, transact, manage, and value their real estate portfolios. We do this through strategic outsourcing, advisory, talent, and technology solutions. Rating NMLS ID #’s: 1978519 – DynAMC Solutions, LLC; 1924014 – Situs Asset Management, LLC; 1947392 – Situs Holdings, LLC; 1778442 – SPT Commercial Mortgage

SitusAMC A.I CyberSecurity Scoring

SitusAMC

Company Details

LinkedIn ID: situsamc
Employees number: 4,500
Number of followers: 52,264
NAICS: None
Industry Type: Real Estate
Homepage: situsamc.com
IP Addresses: 0
Company ID: SIT_2762125
Scan Status: In-progress

SitusAMC Risk Score (AI oriented): Between 0 and 549

  • Powered by our proprietary A.I cyber incident model
  • Insurers prefer the TPRM score to calculate premiums

SitusAMC Company CyberSecurity News & History

Past Incidents: 6
Attack Types: 2
Entity: SitusAMC
Type: Breach
Severity: 60
Impact: 3
Seen: 11/2025
Rankiteo Explanation: Attack with significant impact with internal employee data leaks

Description: SitusAMC, a technology provider for major financial institutions, confirmed a **data breach** exposing corporate client data, including **accounting records and legal agreements** tied to its relationships with firms like JPMorgan Chase and Citi. The breach’s full scope—such as the number of affected consumers or the exact volume of compromised data—remains under investigation by the company and third-party advisors. While the FBI acknowledged the incident, it reported no immediate disruptions to banking services. The breach raises concerns over potential financial fraud, reputational damage, and regulatory scrutiny, though no direct evidence of stolen customer PII (e.g., bank credentials or identities) has been publicly confirmed. The attack’s focus on **corporate and client contractual data** suggests operational and legal risks for the impacted financial entities, though the absence of confirmed consumer harm or systemic banking failures tempers the immediate fallout.

Entity: SitusAMC
Type: Breach
Severity: 85
Impact: 4
Seen: 11/2025
Rankiteo Explanation: Attack with significant impact with customers data leaks

Description: SitusAMC, a New York-based third-party tech vendor serving major Wall Street banks (including JPMorgan Chase, Citi, and Morgan Stanley), suffered a cyber breach exposing sensitive corporate data, legal agreements, and **customer mortgage records**. The attack, detected on **November 12th** and contained by November 22nd, compromised accounting records and residential mortgage data tied to clients’ customers. While the vendor confirmed no operational disruption or ransomware involvement, the breach’s scope remains under investigation. Given SitusAMC’s role in managing **$13.5 trillion in US mortgages (44% of America’s GDP)**, the incident raises critical concerns about systemic risks to financial institutions and the broader economy. The FBI downplayed immediate operational impacts but highlighted the potential for long-term reputational and financial fallout across the banking sector. The breach underscores vulnerabilities in third-party supply chains, echoing recent high-profile attacks on vendors like Marks & Spencer’s contractor and Salesforce’s Gainsight platform.

Entity: SitusAMC
Type: Breach
Severity: 85
Impact: 4
Seen: 5/2025
Rankiteo Explanation: Attack with significant impact with customers data leaks

Description: SitusAMC, a provider of real estate loan and mortgage services to major financial institutions like JPMorgan Chase, Citi, and Morgan Stanley, suffered a **large-scale data breach** detected on **November 12**. The attack exposed **corporate data** (accounting records, legal agreements) tied to client relationships, as well as **customer data** from affected organizations. While the full scope remains under investigation, the breach has triggered alerts to over **100 financial firms**, including high-profile banks, whose clients’ data may have been stolen. The incident was contained within **10 days**, with no ransomware or encrypting malware involved. The FBI is investigating, confirming **no operational impact on banking services**, but the breach highlights escalating risks from **third-party vulnerabilities** in the financial sector. The exposed data—potentially including system architectures, SLAs, and credentials—could enable **follow-on attacks** against interconnected firms, raising concerns over lateral movement, regulatory scrutiny, and investor risks. The attack underscores how threat actors exploit third-party providers to access high-value financial networks, leveraging AI to scale reconnaissance and precision targeting.

Entity: SitusAMC
Type: Breach
Severity: 85
Impact: 4
Seen: 11/2025
Rankiteo Explanation: Attack with significant impact with customers data leaks

Description: SitusAMC, a financial service provider handling billions of loan-related documents annually for over 1,500 commercial and residential real-estate financiers, suffered a data breach on **12th November**. Hackers infiltrated its systems and stole **corporate data tied to banking customers' relationships**, including **accounting records and legal agreements**. Major US banks like **JPMorgan Chase, Citigroup, and Morgan Stanley** were notified of potential exposure, though the full scope of compromised data remains under investigation. The breach was **not a ransomware attack**, as no encrypting malware was detected—indicating a focused effort on **data exfiltration** rather than system disruption. SitusAMC contained the incident, reset credentials, disabled remote access tools, and cooperated with law enforcement (including the FBI). The breach highlights vulnerabilities in **third-party vendor dependencies**, risking cascading exposure across financial institutions. While no operational impact on banking services was reported, the stolen data could include **sensitive non-public information** from lenders, investors, and mortgage servicers, posing reputational and financial risks to affected clients.

Entity: SitusAMC
Type: Breach
Severity: 85
Impact: 4
Seen: 11/2025
Rankiteo Explanation: Attack with significant impact with customers data leaks

Description: SitusAMC, a global consulting and technology firm serving major financial institutions, suffered a **smash-and-grab data breach** where hackers stole **corporate data** (e.g., accounting records, legal agreements) and **client-related customer data**. The breach impacted SitusAMC’s internal systems as well as sensitive information belonging to its high-profile clients, including major banks (e.g., JPMorgan Chase, Citigroup), mortgage lenders, private-equity firms, and institutional investors. The FBI was notified, and third-party cybersecurity experts were engaged to investigate. The attack was **not ransomware** but involved unauthorized exfiltration of data, with no immediate disclosure of the threat actors or the full scope of compromised records. The incident poses risks to financial confidentiality, regulatory compliance, and client trust, though the exact financial or operational repercussions remain undisclosed as investigations continue.

Entity: SitusAMC
Type: Cyber Attack
Severity: 85
Impact: 4
Seen: 11/2025
Rankiteo Explanation: Attack with significant impact with customers data leaks

Description: SitusAMC, a provider of loans and mortgage services to major US banks (including JPMorgan Chase and Citigroup), suffered a cyber attack in November 2025. The breach compromised **corporate data** (accounting records, legal agreements) and **customer-related data** linked to its banking clients. The incident exposed vulnerabilities in third-party supplier security, highlighting risks in the interconnected financial services ecosystem. The FBI was notified, and SitusAMC conducted keyword searches to identify impacted client data. The attack underscores a shift in cybercriminal tactics—prioritizing **stealthy data exfiltration** over immediate disruption—while emphasizing the critical need for robust vendor risk management. The breach’s ripple effect threatens financial institutions’ operational resilience, with potential long-term reputational and financial consequences for both SitusAMC and its banking partners.


Underwriter Stats for SitusAMC

Incidents vs Real Estate Industry Average (This Year)

SitusAMC has 745.07% more incidents than the average of same-industry companies with at least one recorded incident.

Incidents vs All-Companies Average (This Year)

SitusAMC has 837.5% more incidents than the average of all companies with at least one recorded incident.

Incident Types SitusAMC vs Real Estate Industry Avg (This Year)

SitusAMC reported 6 incidents this year: 1 cyber attack, 0 ransomware, 0 vulnerabilities, 5 data breaches, compared to industry peers with at least 1 incident.

Incident History — SitusAMC (X = Date, Y = Severity)

SitusAMC cyber incidents detection timeline including parent company and subsidiaries


SitusAMC Similar Companies

Emaar

WHO WE ARE Emaar is a pioneer of master-planned communities in Dubai since its inception in 1997. It is listed on the Dubai Financial Market as a public joint-stock company. Building upon the legacy of our flagship Downtown Dubai creations — the iconic Burj Khalifa, Dubai Mall, and Dubai Fountain —

Keller Williams Realty, LLC

Austin, Texas-based Keller Williams, the world’s largest real estate franchise by agent count, has more than 1,100 offices and 176,000 agents. The franchise is also No. 1 in units and sales volume in the United States. Since 1983, the company has cultivated an agent-centric, technology-driven, and

International Workplace Group plc

IWG is leading the workspace revolution. Our companies help more than 2.5 million people and their businesses to work more productively. We do so by providing a choice of professional, inspiring and collaborative workspaces, communities and services. Our customers are start-ups, small and medium-s

Berkshire Hathaway HomeServices

Berkshire Hathaway HomeServices is a global residential real estate network with more than 50,000 real estate professionals and nearly 1,600 offices across 4 continents and 13 countries and territories including the U.S., Canada, Mexico, Europe, the Middle East, The Caribbean and India. In 2022, th

MEB Management Services (Morrison, Ekre & Bart Management Services)

MEB’S ability to create value for both clients and residents has been the cornerstone of our success. Scott, Libby, Mark, and Jodi have been active in the real estate management industry and have over 125 years of combined experience. With their breadth and depth of knowledge, MEB is the “go-to” co

Lopes Consultoria de Imóveis

THE GUARANTEE OF BEING LOPES. Lopes is the largest company in Brazil for integrated solutions in real estate brokerage, consulting, and financing promotion. It is present in 10 states - São Paulo, Rio de Janeiro, Minas Gerais, Espírito Santo, Rio Grande do Sul, Paraná, Santa Catarina, Bahia, Per

Empire Company Limited

Empire Company Limited (TSX: EMP.A) is a Canadian company headquartered in Stellarton, Nova Scotia. Empire’s key businesses are food retailing, through wholly-owned subsidiary Sobeys Inc., and related real estate. With approximately $30.5 billion in annual sales and $16.5 billion in assets, Empire C

City Developments Limited

City Developments Limited (CDL) is a leading global real estate company with a network spanning 163 locations in 29 countries and regions. Listed on the Singapore Exchange, the Group is one of the largest companies by market capitalisation. Its income-stable and geographically-diverse portfolio comp

Anywhere Real Estate Inc.

Anywhere Real Estate Inc. (NYSE: HOUS) is moving the real estate industry to what's next. A leader of integrated residential real estate services, Anywhere includes franchise, brokerage, relocation, and title and settlement businesses, as well as mortgage and title insurance underwriter joint ventur


SitusAMC CyberSecurity News

May 24, 2024 07:00 AM
CISO Leadership Awards 2024 Organized by Krypton India: Celebrating Excellence in Cybersecurity

Friday, May 24, 2024 10:50AM IST (5:20AM GMT). Awards Winners of CISO Leadership Awards 2024. Mumbai, Maharashtra, India --.


Frequently Asked Questions

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.

SitusAMC CyberSecurity History Information

Official Website of SitusAMC

The official website of SitusAMC is https://www.situsamc.com/.

SitusAMC’s AI-Generated Cybersecurity Score

According to Rankiteo, SitusAMC’s AI-generated cybersecurity score is 485, reflecting their Critical security posture.

How many security badges does SitusAMC have ?

According to Rankiteo, SitusAMC currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Does SitusAMC have SOC 2 Type 1 certification ?

According to Rankiteo, SitusAMC is not certified under SOC 2 Type 1.

Does SitusAMC have SOC 2 Type 2 certification ?

According to Rankiteo, SitusAMC does not hold a SOC 2 Type 2 certification.

Does SitusAMC comply with GDPR ?

According to Rankiteo, SitusAMC is not listed as GDPR compliant.

Does SitusAMC have PCI DSS certification ?

According to Rankiteo, SitusAMC does not currently maintain PCI DSS compliance.

Does SitusAMC comply with HIPAA ?

According to Rankiteo, SitusAMC is not compliant with HIPAA regulations.

Does SitusAMC have ISO 27001 certification ?

According to Rankiteo, SitusAMC is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Industry Classification of SitusAMC

SitusAMC operates primarily in the Real Estate industry.

Number of Employees at SitusAMC

SitusAMC employs approximately 4,500 people worldwide.

Subsidiaries Owned by SitusAMC

SitusAMC presently has no subsidiaries across any sectors.

SitusAMC’s LinkedIn Followers

SitusAMC’s official LinkedIn profile has approximately 52,264 followers.

NAICS Classification of SitusAMC

SitusAMC has no NAICS code on record (None), which corresponds to the category Others.

SitusAMC’s Presence on Crunchbase

Yes, SitusAMC has an official profile on Crunchbase, which can be accessed here: https://www.crunchbase.com/organization/situsamc.

SitusAMC’s Presence on LinkedIn

Yes, SitusAMC maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement and can be accessed here: https://www.linkedin.com/company/situsamc.

Cybersecurity Incidents Involving SitusAMC

As of November 27, 2025, Rankiteo reports that SitusAMC has experienced 6 cybersecurity incidents.

Number of Peer and Competitor Companies

SitusAMC has an estimated 29,158 peer or competitor companies worldwide.

What types of cybersecurity incidents have occurred at SitusAMC ?

Incident Types: The types of cybersecurity incidents that have occurred include Breach and Cyber Attack.

How does SitusAMC detect and respond to cybersecurity incidents ?

Detection and Response: Across the recorded incidents, the company's reported detection and response measures are:
  • Third-party assistance: security experts (unnamed); leading cybersecurity experts
  • Law enforcement notified: FBI
  • Containment measures: systems secured (details unspecified); systems hardened; incident contained within 10 days; credential resets; disabled remote access tools; updated firewall rules; strengthened security settings
  • Remediation measures: data review process with keyword searches to identify impacted clients
  • Communication strategy: customer letter issued; public statement; FBI director’s market-calming statement; notice to affected organizations; breach notifications to affected institutions (JPMorgan, Citi, Morgan Stanley); public statements on 2025-11-22 and 2025-11-25; public announcement on website; media outreach (limited responses from clients); public statement and client notifications

Incident Details

Can you provide details on each incident ?

Incident : Data Breach

Title: Cyber-Attack on SitusAMC Affecting Major Wall Street Banks

Description: Major Wall Street banks, including JPMorgan Chase, Citi, and Morgan Stanley, were impacted by a cyber-attack targeting SitusAMC, a third-party tech vendor processing real estate loans. The breach exposed sensitive customer and mortgage data, as well as corporate records and legal agreements. The incident was first noticed on November 12, 2023, and contained by November 22, 2023. The FBI and third-party security experts are investigating the scope and extent of the breach, which did not involve ransomware or encrypting malware. SitusAMC’s systems remain operational, but the breach has raised concerns about third-party vendor security in critical supply chains.

Date Detected: 2023-11-12

Date Publicly Disclosed: 2023-11-22

Type: Data Breach

Incident : Data Breach

Title: SitusAMC Data Breach Exposes Client and Customer Data

Description: SitusAMC, a provider of real estate loan and mortgage services to major financial institutions like JPMorgan Chase, Citi, and Morgan Stanley, detected a large-scale data breach on November 12. The breach may have exposed corporate data (e.g., accounting records, legal agreements) and client customer data. The incident was contained within 10 days, with no encrypting malware involved. Over 100 organizations, including high-profile banks, were notified of potential data exposure. The FBI is investigating, with no operational impact reported on banking services. The breach highlights growing third-party risks in the financial sector, where 30% of breaches involve third parties and 97% of top U.S. banks have been affected by third-party incidents.

Date Detected: 2023-11-12

Type: Data Breach

Motivation: Data Theft, Leverage for Follow-on Attacks, Financial Gain

Incident : Data Breach

Title: SitusAMC Data Breach Exposes JPMorgan, Citi, and Morgan Stanley Customer Data

Description: Financial service provider SitusAMC confirmed a data breach on 12th November 2023, potentially exposing sensitive corporate data tied to its banking customers, including JPMorgan Chase, Citigroup, and Morgan Stanley. The attackers stole accounting records and legal agreements, but no encrypting malware was found, indicating a focus on data exfiltration rather than ransomware. The breach highlights risks in third-party vendor dependencies within the financial sector.

Date Detected: 2023-11-12

Date Publicly Disclosed: 2023-11-18

Type: Data Breach

Motivation: Data Theft / Espionage (presumed)

Incident : Data Breach

Title: SitusAMC Cyber Attack Exposes US Banks' Loan and Mortgage Data

Description: SitusAMC, a tech supplier providing loans and mortgage services to US banks (including JPMorgan Chase and Citigroup), suffered a cyber attack resulting in the compromise of 'certain information' from its systems. Corporate data such as accounting records and legal agreements, as well as some clients' customer data, were impacted. The breach highlights risks in the financial sector's growing reliance on third-party fintech partners. The FBI was notified, and SitusAMC is conducting keyword searches to identify affected clients.

Date Detected: 2025-11-12

Date Publicly Disclosed: 2025-11-22

Type: Data Breach

Motivation: Data Theft, Espionage

Incident : Data Breach (Smash-and-Grab)

Title: SitusAMC Data Breach Exposing Corporate and Client Data

Description: A global firm providing consulting, technology, and outsourced services to major banks and mortgage lenders suffered a data breach. Hackers stole sensitive corporate data and client details, including accounting records and legal agreements. The attack was a 'smash-and-grab' (not ransomware), and the FBI is investigating. Affected clients may include major banks and mortgage lenders, though specifics remain undisclosed.

Type: Data Breach (Smash-and-Grab)

Incident : Data Breach

Title: SitusAMC Data Breach Affecting Major Financial Institutions

Description: SitusAMC, a technology provider for financial firms, suffered a data breach impacting corporate data of its clients, including accounting records and legal agreements. Major institutions like JPMorgan Chase and Citi were notified of potential exposure. The scope, nature, and extent of the impact remain under investigation. The FBI is aware but has not identified issues with banking services.

Date Publicly Disclosed: 2023-10-21

Type: Data Breach

What are the most common types of attacks the company has faced ?

Common Attack Types: The most common type of attack the company has faced is Breach.

Impact of the Incidents

What was the impact of each incident ?

Incident : Data Breach SIT2192821112425

Data Compromised: Corporate accounting records, Legal agreements with clients, Residential mortgage data, Customers’ personal data (loan applications), Sensitive details about investment banks

Systems Affected: SitusAMC internal systems

Downtime: None (systems fully operational)

Operational Impact: None reported for banking services (per FBI)

Brand Reputation Impact: Potential reputational damage to SitusAMC, Heightened concerns about third-party vendor security in financial sector

Identity Theft Risk: High (personal data in loan applications exposed)

Incident : Data Breach SIT2794427112425

Data Compromised: Corporate data (accounting records, legal agreements), Client customer data

Operational Impact: None (services fully operational)

Brand Reputation Impact: Potential reputational damage, Regulatory scrutiny risk

Identity Theft Risk: Potential (if credentials stolen)

Incident : Data Breach SIT1640716112525

Data Compromised: Corporate data tied to banking customers' relationships, Accounting records, Legal agreements

Operational Impact: None reported (systems fully operational)

Brand Reputation Impact: Potential reputational harm to SitusAMC and affected banks (JPMorgan, Citi, Morgan Stanley)

Identity Theft Risk: High (sensitive financial data exposed)

Incident : Data Breach SIT3233032112625

Data Compromised: Accounting records, Legal agreements, Clients' customer data

Operational Impact: Ongoing data review and keyword searches to identify impacted clients

Brand Reputation Impact: Potential reputational damage to SitusAMC and affected banks (e.g., JPMorgan Chase, Citigroup)

Identity Theft Risk: Possible (if customer data included PII)

Incident : Data Breach (Smash-and-Grab) SIT2492624112625

Data Compromised: Corporate data (accounting records, legal agreements), Client data (customer details)

Brand Reputation Impact: Potential (undisclosed)

Identity Theft Risk: Potential (undisclosed)

Incident : Data Breach SIT4294342112625

Data Compromised: Accounting records, Legal agreements

Brand Reputation Impact: Potential (under investigation)

What types of data are most commonly compromised in incidents ?

Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Corporate Data, Client Legal Agreements, Residential Mortgage Data, Personal Identifiers In Loan Applications, Sensitive Investment Bank Details, Accounting Records, Legal Agreements, Client Customer Data, Corporate Data (Banking Customer Relationships), Corporate Data (Accounting Records, Legal Agreements), Clients' Customer Data and Corporate Client Relationship Data.

Which entities were affected by each incident ?

Incident : Data Breach SIT2192821112425

Entity Name: SitusAMC

Entity Type: Third-Party Tech Vendor

Industry: Real Estate Loan Processing

Location: New York, USA

Customers Affected: JPMorgan Chase, Citi, Morgan Stanley, Hundreds of other banks, private equity firms, asset managers, and insurance companies

Incident : Data Breach SIT2192821112425

Entity Name: JPMorgan Chase

Entity Type: Bank

Industry: Financial Services

Location: USA

Size: Large (Global)

Incident : Data Breach SIT2192821112425

Entity Name: Citi

Entity Type: Bank

Industry: Financial Services

Location: USA

Size: Large (Global)

Incident : Data Breach SIT2192821112425

Entity Name: Morgan Stanley

Entity Type: Bank

Industry: Financial Services

Location: USA

Size: Large (Global)

Incident : Data Breach SIT2794427112425

Entity Name: SitusAMC

Entity Type: Third-Party Service Provider

Industry: Financial Services (Real Estate Loan/Mortgage)

Size: ~5,000 employees

Customers Affected: 100+ organizations (including JPMorgan Chase, Citi, Morgan Stanley)

Incident : Data Breach SIT2794427112425

Entity Name: JPMorgan Chase

Entity Type: Client (Financial Institution)

Industry: Banking

Incident : Data Breach SIT2794427112425

Entity Name: Citi

Entity Type: Client (Financial Institution)

Industry: Banking

Incident : Data Breach SIT2794427112425

Entity Name: Morgan Stanley

Entity Type: Client (Financial Institution)

Industry: Banking

Incident : Data Breach SIT1640716112525

Entity Name: SitusAMC

Entity Type: Financial Technology Provider

Industry: Financial Services / Real Estate Financing

Location: New York, USA

Size: $1 billion annual revenue; serves 1,500+ commercial/residential real-estate financiers

Incident : Data Breach SIT1640716112525

Entity Name: JPMorgan Chase

Entity Type: Bank

Industry: Financial Services

Location: USA

Incident : Data Breach SIT1640716112525

Entity Name: Citigroup (Citi)

Entity Type: Bank

Industry: Financial Services

Location: USA

Incident : Data Breach SIT1640716112525

Entity Name: Morgan Stanley

Entity Type: Bank

Industry: Financial Services

Location: USA

Incident : Data Breach SIT1640716112525

Entity Name: Unnamed pension funds and state governments

Entity Type: Government/Institutional

Industry: Public Sector / Finance

Location: USA

Incident : Data Breach SIT3233032112625

Entity Name: SitusAMC

Entity Type: Fintech Service Provider

Industry: Financial Services (Loan/Mortgage Technology)

Location: United States

Customers Affected: Clients' customers (scope under investigation)

Incident : Data Breach SIT3233032112625

Entity Name: JPMorgan Chase

Entity Type: Bank

Industry: Financial Services

Location: United States

Incident : Data Breach SIT3233032112625

Entity Name: Citigroup

Entity Type: Bank

Industry: Financial Services

Location: United States

Incident : Data Breach (Smash-and-Grab) SIT2492624112625

Entity Name: SitusAMC

Entity Type: Corporation

Industry: Real Estate Finance (Consulting, Technology, Outsourced Services)

Location: Global (Headquartered in the United States)

Incident : Data Breach (Smash-and-Grab) SIT2492624112625

Entity Name: UBS Realty Investors

Entity Type: Client

Industry: Financial Services

Incident : Data Breach (Smash-and-Grab) SIT2492624112625

Entity Name: JPMorgan Chase

Entity Type: Client

Industry: Banking

Incident : Data Breach (Smash-and-Grab) SIT2492624112625

Entity Name: Hines

Entity Type: Client

Industry: Real Estate Investment

Incident : Data Breach (Smash-and-Grab) SIT2492624112625

Entity Name: Citigroup

Entity Type: Client

Industry: Banking

Incident : Data Breach (Smash-and-Grab) SIT2492624112625

Entity Name: Morgan Stanley

Entity Type: Client

Industry: Financial Services

Incident : Data Breach SIT4294342112625

Entity Name: SitusAMC

Entity Type: Technology Provider

Industry: Financial Services

Incident : Data Breach SIT4294342112625

Entity Name: JPMorgan Chase

Entity Type: Financial Institution

Industry: Banking

Incident : Data Breach SIT4294342112625

Entity Name: Citi

Entity Type: Financial Institution

Industry: Banking

Response to the Incidents

What measures were taken in response to each incident ?

Incident : Data Breach SIT2192821112425

Incident Response Plan Activated: True

Third Party Assistance: Security Experts (Unnamed).

Law Enforcement Notified: FBI

Containment Measures: Systems secured (details unspecified)

Communication Strategy: Customer letter issued, Public statement, FBI Director’s market-calming statement

Incident : Data Breach SIT2794427112425

Incident Response Plan Activated: True

Third Party Assistance: Leading Cybersecurity Experts.

Law Enforcement Notified: FBI

Containment Measures: Systems hardened, Incident contained within 10 days

Communication Strategy: Notice to affected organizations, Public statement

Incident : Data Breach SIT1640716112525

Incident Response Plan Activated: True

Containment Measures: Credential resets, Disabled remote access tools, Updated firewall rules, Strengthened security settings

Communication Strategy: Public statement, Breach notifications to affected institutions (JPMorgan, Citi, Morgan Stanley)

Incident : Data Breach SIT3233032112625

Incident Response Plan Activated: True

Remediation Measures: Data review process with keyword searches to identify impacted clients

Communication Strategy: Public statements on 2025-11-22 and 2025-11-25

Incident : Data Breach (Smash-and-Grab) SIT2492624112625

Incident Response Plan Activated: True

Communication Strategy: Public announcement on website; media outreach (limited responses from clients)

Incident : Data Breach SIT4294342112625

Incident Response Plan Activated: True

Communication Strategy: Public statement and client notifications

How does the company involve third-party assistance in incident response ?

Third-Party Assistance: The company involves third-party assistance in incident response through security experts (unnamed) and leading cybersecurity experts.

Data Breach Information

What type of data was compromised in each breach ?

Incident : Data Breach SIT2192821112425

Type of Data Compromised: Corporate data, Client legal agreements, Residential mortgage data, Personal identifiers in loan applications, Sensitive investment bank details

Sensitivity of Data: High (includes personal and financial data)

Data Exfiltration: Likely (under investigation)

Data Encryption: No (no encrypting malware used)

Incident : Data Breach SIT2794427112425

Type of Data Compromised: Accounting records, Legal agreements, Client customer data

Sensitivity of Data: High (potential system architecture diagrams, credentials, SLAs)

Data Exfiltration: Likely (under investigation)

Data Encryption: No (no encrypting malware involved)

Personally Identifiable Information: Potential (if client customer data included PII)

Incident : Data Breach SIT1640716112525

Type of Data Compromised: Corporate data (banking customer relationships), Accounting records, Legal agreements

Sensitivity of Data: High (non-public financial information)

Incident : Data Breach SIT3233032112625

Type of Data Compromised: Corporate data (accounting records, legal agreements), Clients' customer data

Sensitivity of Data: High (financial/legal documents)

Personally Identifiable Information: Possible (not explicitly confirmed)

Incident : Data Breach (Smash-and-Grab) SIT2492624112625

Type of Data Compromised: Corporate data (accounting records, legal agreements), Client customer data

Sensitivity of Data: High (sensitive corporate and client financial/legal data)

Personally Identifiable Information: Potential (undisclosed)

Incident : Data Breach SIT4294342112625

Type of Data Compromised: Accounting records, Legal agreements, Corporate client relationship data

Sensitivity of Data: High (financial/legal)

Data Exfiltration: Confirmed (under investigation)

What measures does the company take to prevent data exfiltration ?

Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Data review process with keyword searches to identify impacted clients.

How does the company handle incidents involving personally identifiable information (PII) ?

Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through systems secured (details unspecified), systems hardened, incident contained within 10 days, credential resets, disabled remote access tools, updated firewall rules and strengthened security settings.

Ransomware Information

Was ransomware involved in any of the incidents ?

Incident : Data Breach SIT2794427112425

Data Encryption: No

Data Exfiltration: Likely (under investigation)

Incident : Data Breach SIT1640716112525

Data Exfiltration: True

Incident : Data Breach SIT3233032112625

Data Exfiltration: True

Incident : Data Breach (Smash-and-Grab) SIT2492624112625

Data Exfiltration: True

Regulatory Compliance

Were there any regulatory violations and fines imposed for each incident ?

Incident : Data Breach SIT2192821112425

Regulatory Notifications: FBI involved

Incident : Data Breach SIT2794427112425

Regulatory Notifications: FBI notified

Incident : Data Breach SIT1640716112525

Regulatory Notifications: FBI notified and involved in investigation

Incident : Data Breach SIT3233032112625

Regulatory Notifications: FBI notified

Lessons Learned and Recommendations

What lessons were learned from each incident ?

Incident : Data Breach SIT2192821112425

Lessons Learned: Heightened risks of third-party vendor breaches in critical supply chains, Need for stricter security practices for vendors (e.g., JPMorgan CISO’s statement), Potential systemic risk to financial sector from concentrated third-party dependencies

Incident : Data Breach SIT2794427112425

Lessons Learned: Third-party breaches are a critical vector for financial sector attacks (30% of breaches involve third parties). AI enables threat actors to scale sophisticated attacks against third parties with limited expertise. Interconnected data flows in financial services create ripple effects (e.g., credentials stolen from a vendor can enable lateral movement). Preventable failures (missed patches, unmonitored vendor access) are common root causes. Stronger third-party oversight and continuous monitoring are essential.

Incident : Data Breach SIT1640716112525

Lessons Learned: Third-party vendor risks can cascade across financial sector partners. Continuous validation of IT environments and supply chain security is critical. Assumptions about security controls must be verified, not taken for granted. Resilience requires collective responsibility across interconnected systems.

Incident : Data Breach SIT3233032112625

Lessons Learned: Third-party fintech partners introduce significant risk to financial institutions, with 96% of EU financial firms affected by third-party breaches (per SecurityScorecard). Attackers are shifting toward quiet data extraction over disruptive attacks, complicating detection. Continuous visibility into vendor ecosystems and real-time validation of partner controls are critical.

What recommendations were made to prevent future incidents ?

Incident : Data Breach SIT2192821112425

Recommendations: Enhance third-party vendor security assessments, Implement stricter contractual security requirements for vendors, Monitor dark web for exposed data, Conduct regular supply chain risk audits

Incident : Data Breach SIT2794427112425

Recommendations: Implement micro-segmentation to limit lateral movement if third-party credentials are compromised. Adopt cryptographic passwordless credentials tied to hardware for third-party access. Enhance third-party risk assessments, including AI-driven reconnaissance capabilities. Monitor supply chain and third-party ecosystems for active compromises. Clarify incident response plans for third-party breaches, including communication protocols.

Incident : Data Breach SIT1640716112525

Recommendations: Enforce multi-factor authentication (MFA) and single sign-on (SSO) across all systems. Regularly evaluate security posture of partners/vendors with strong fundamentals. Maintain procedures to prevent breaches from spreading through vendor networks. Implement continuous validation of IT controls and response readiness.

Incident : Data Breach SIT3233032112625

Recommendations: Financial institutions must elevate partner risk management to the level of internal security. Implement continuous monitoring of third/fourth-party vendors (as mandated by regulations like the EU's Digital Operational Resilience Act). Assume all non-public data shared with partners is a potential exposure point.

What are the key lessons learned from past incidents ?

Key Lessons Learned: The key lessons learned from past incidents are: Heightened risks of third-party vendor breaches in critical supply chains; Need for stricter security practices for vendors (e.g., JPMorgan CISO’s statement); Potential systemic risk to financial sector from concentrated third-party dependencies; Third-party breaches are a critical vector for financial sector attacks (30% of breaches involve third parties); AI enables threat actors to scale sophisticated attacks against third parties with limited expertise; Interconnected data flows in financial services create ripple effects (e.g., credentials stolen from a vendor can enable lateral movement); Preventable failures (missed patches, unmonitored vendor access) are common root causes; Stronger third-party oversight and continuous monitoring are essential; Third-party vendor risks can cascade across financial sector partners; Continuous validation of IT environments and supply chain security is critical; Assumptions about security controls must be verified, not taken for granted; Resilience requires collective responsibility across interconnected systems; Third-party fintech partners introduce significant risk to financial institutions, with 96% of EU financial firms affected by third-party breaches (per SecurityScorecard); Attackers are shifting toward quiet data extraction over disruptive attacks, complicating detection; Continuous visibility into vendor ecosystems and real-time validation of partner controls are critical.

References

Where can I find more information about each incident ?

Incident : Data Breach SIT2192821112425

Source: New York Times

Incident : Data Breach SIT2192821112425

Source: SitusAMC Customer Letter

Date Accessed: 2023-11-22

Incident : Data Breach SIT2192821112425

Source: FBI Statement (via NYT)

Incident : Data Breach SIT2794427112425

Source: SitusAMC Public Notice

Incident : Data Breach SIT2794427112425

Source: The New York Times

Incident : Data Breach SIT2794427112425

Source: SecurityScorecard 2025 Global Third Party Breach Report

Incident : Data Breach SIT2794427112425

Source: Verizon Data Breach Investigations Report

Incident : Data Breach SIT2794427112425

Source: Security Boulevard (Interviews with Agnidipta Sarkar, Dave Tyson)

Incident : Data Breach SIT1640716112525

Source: CNN

Incident : Data Breach SIT1640716112525

Source: Bloomberg

Incident : Data Breach SIT1640716112525

Source: The New York Times

Incident : Data Breach SIT1640716112525

Source: SitusAMC Public Statement

Date Accessed: 2023-11-18

Incident : Data Breach SIT1640716112525

Source: FBI Statement (Kash Patel)

Incident : Data Breach SIT1640716112525

Source: TPO Group (Munish Walther-Puri)

Incident : Data Breach SIT1640716112525

Source: ThreatAware (Jon Abbott)

Incident : Data Breach SIT3233032112625

Source: SecurityScorecard Research (2025)

Incident : Data Breach SIT3233032112625

Source: SitusAMC Public Statements (2025-11-22, 2025-11-25)

Incident : Data Breach SIT3233032112625

Source: EU Digital Operational Resilience Act (DORA)

Incident : Data Breach (Smash-and-Grab) SIT2492624112625

Source: TechCrunch (via TechRadar)

Incident : Data Breach SIT4294342112625

Source: CNN

Incident : Data Breach SIT4294342112625

Source: SitusAMC Public Statement

Date Accessed: 2023-10-21

Where can stakeholders find additional resources on cybersecurity best practices ?

Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at New York Times, SitusAMC Customer Letter (Date Accessed: 2023-11-22), FBI Statement (via NYT), SitusAMC Public Notice, The New York Times, SecurityScorecard 2025 Global Third Party Breach Report, Verizon Data Breach Investigations Report, Security Boulevard (Interviews with Agnidipta Sarkar, Dave Tyson), CNN, Bloomberg, SitusAMC Public Statement (Date Accessed: 2023-11-18), FBI Statement (Kash Patel), TPO Group (Munish Walther-Puri), ThreatAware (Jon Abbott), SecurityScorecard Research (2025), SitusAMC Public Statements (2025-11-22, 2025-11-25), EU Digital Operational Resilience Act (DORA), TechCrunch (via TechRadar) and SitusAMC Public Statement (Date Accessed: 2023-10-21).

Investigation Status

What is the current status of the investigation for each incident ?

Incident : Data Breach SIT2192821112425

Investigation Status: Ongoing (scope, nature, and extent under investigation)

Incident : Data Breach SIT2794427112425

Investigation Status: Ongoing (scope, nature, and extent of impact under investigation by SitusAMC and third-party advisors)

Incident : Data Breach SIT1640716112525

Investigation Status: Ongoing (scope and nature under investigation)

Incident : Data Breach SIT3233032112625

Investigation Status: Ongoing (data review phase with keyword searches)

Incident : Data Breach (Smash-and-Grab) SIT2492624112625

Investigation Status: Ongoing (FBI involved)

Incident : Data Breach SIT4294342112625

Investigation Status: Ongoing (scope, nature, and extent under investigation)

How does the company communicate the status of incident investigations to stakeholders ?

Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Customer letter issued, Public statement, FBI Director’s market-calming statement, Notice to affected organizations, Breach notifications to affected institutions (JPMorgan, Citi, Morgan Stanley), Public statements on 2025-11-22 and 2025-11-25, Public announcement on website; media outreach (limited responses from clients) and Public statement and client notifications.

Stakeholder and Customer Advisories

Were there any advisories issued to stakeholders or customers for each incident ?

Incident : Data Breach SIT2192821112425

Stakeholder Advisories: FBI Director Kash Patel’s statement to calm markets.

Customer Advisories: SitusAMC letter to clients

Incident : Data Breach SIT2794427112425

Stakeholder Advisories: Notified affected organizations (e.g., JPMorgan Chase, Citi, Morgan Stanley).

Incident : Data Breach SIT1640716112525

Stakeholder Advisories: Breach notifications sent to JPMorgan Chase, Citi, and Morgan Stanley.

Incident : Data Breach (Smash-and-Grab) SIT2492624112625

Stakeholder Advisories: Limited (public announcement; clients declined to comment)

Incident : Data Breach SIT4294342112625

Stakeholder Advisories: Clients notified (including JPMorgan Chase, Citi)

What advisories does the company provide to stakeholders and customers following an incident ?

Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: FBI Director Kash Patel’s statement to calm markets, SitusAMC letter to clients, Notified affected organizations (e.g., JPMorgan Chase, Citi, Morgan Stanley), Breach notifications sent to JPMorgan Chase, Citi, and Morgan Stanley, Limited (public announcement; clients declined to comment), Clients notified (including JPMorgan Chase and Citi).

Initial Access Broker

How did the initial access broker gain entry for each incident ?

Incident : Data Breach SIT2192821112425

High Value Targets: Residential Mortgage Data, Investment Bank Legal Agreements

Data Sold on Dark Web: Residential Mortgage Data, Investment Bank Legal Agreements

Incident : Data Breach SIT2794427112425

High Value Targets: Financial Institutions (JPMorgan Chase, Citi, Morgan Stanley)

Data Sold on Dark Web: Financial Institutions (JPMorgan Chase, Citi, Morgan Stanley)

Incident : Data Breach SIT1640716112525

High Value Targets: Banking Customer Relationships Data, Accounting Records, Legal Agreements

Data Sold on Dark Web: Banking Customer Relationships Data, Accounting Records, Legal Agreements

Incident : Data Breach SIT3233032112625

High Value Targets: Loan/Mortgage Documents, Accounting Records, Legal Agreements

Data Sold on Dark Web: Loan/Mortgage Documents, Accounting Records, Legal Agreements

Incident : Data Breach (Smash-and-Grab) SIT2492624112625

High Value Targets: Corporate Data (Accounting, Legal), Client Customer Data

Data Sold on Dark Web: Corporate Data (Accounting, Legal), Client Customer Data

Incident : Data Breach SIT4294342112625

High Value Targets: Financial Institutions, Corporate Client Data

Data Sold on Dark Web: Financial Institutions, Corporate Client Data

Post-Incident Analysis

What were the root causes and corrective actions taken for each incident ?

Incident : Data Breach SIT2794427112425

Root Causes: Third-party vulnerability exploitation (likely unpatched infrastructure or cloud misconfigurations), Potential missed patches or unmonitored vendor access, AI-enabled reconnaissance by threat actors

Incident : Data Breach SIT1640716112525

Corrective Actions: Credential resets, Disabled remote access tools, Updated firewall rules, Strengthened security settings

What is the company's process for conducting post-incident analysis ?

Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as security experts (unnamed) and leading cybersecurity experts.

What corrective actions has the company taken based on post-incident analysis ?

Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: credential resets, disabled remote access tools, updated firewall rules and strengthened security settings.

Additional Questions

Incident Details

What was the most recent incident detected ?

Most Recent Incident Detected: The most recent incident detected was on 2023-11-12.

What was the most recent incident publicly disclosed ?

Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2023-10-21.

Impact of the Incidents

What was the most significant data compromised in an incident ?

Most Significant Data Compromised: The most significant data compromised in an incident were Corporate accounting records, Legal agreements with clients, Residential mortgage data, Customers’ personal data (loan applications), Sensitive details about investment banks, Corporate data (accounting records, legal agreements), Client customer data, Corporate data tied to banking customers' relationships, Accounting records, Legal agreements, Clients' customer data and Client data (customer details).

What was the most significant system affected in an incident ?

Most Significant System Affected: The most significant system affected in an incident was SitusAMC internal systems.

Response to the Incidents

What third-party assistance was involved in the most recent incident ?

Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was security experts (unnamed) and leading cybersecurity experts.

What containment measures were taken in the most recent incident ?

Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were Systems secured (details unspecified), Systems hardened, Incident contained within 10 days, Credential resets, Disabled remote access tools, Updated firewall rules and Strengthened security settings.

Data Breach Information

What was the most sensitive data compromised in a breach ?

Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Client customer data, Client data (customer details), Corporate data tied to banking customers' relationships, Legal agreements, Clients' customer data, Sensitive details about investment banks, Corporate data (accounting records, legal agreements), Accounting records, Legal agreements with clients, Customers’ personal data (loan applications), Corporate accounting records and Residential mortgage data.

Lessons Learned and Recommendations

What was the most significant lesson learned from past incidents ?

Most Significant Lesson Learned: The most significant lesson learned from past incidents was Continuous visibility into vendor ecosystems and real-time validation of partner controls are critical.

What was the most significant recommendation implemented to improve cybersecurity ?

Most Significant Recommendation Implemented: The most significant recommendations implemented to improve cybersecurity were: Conduct regular supply chain risk audits; Implement micro-segmentation to limit lateral movement if third-party credentials are compromised; Implement continuous validation of IT controls and response readiness; Monitor supply chain and third-party ecosystems for active compromises; Assume all non-public data shared with partners is a potential exposure point; Implement stricter contractual security requirements for vendors; Monitor dark web for exposed data; Adopt cryptographic passwordless credentials tied to hardware for third-party access; Enforce multi-factor authentication (MFA) and single sign-on (SSO) across all systems; Clarify incident response plans for third-party breaches, including communication protocols; Regularly evaluate security posture of partners/vendors with strong fundamentals; Maintain procedures to prevent breaches from spreading through vendor networks; Enhance third-party risk assessments, including AI-driven reconnaissance capabilities; Financial institutions must elevate partner risk management to the level of internal security; Enhance third-party vendor security assessments; Implement continuous monitoring of third/fourth-party vendors (as mandated by regulations like the EU's Digital Operational Resilience Act).

References

What is the most recent source of information about an incident?

Most Recent Source: The most recent sources of information about an incident are The New York Times, ThreatAware (Jon Abbott), SecurityScorecard 2025 Global Third Party Breach Report, FBI Statement (via NYT), New York Times, SitusAMC Public Notice, TPO Group (Munish Walther-Puri), Bloomberg, Security Boulevard (Interviews with Agnidipta Sarkar, Dave Tyson), SecurityScorecard Research (2025), CNN, Verizon Data Breach Investigations Report, EU Digital Operational Resilience Act (DORA), FBI Statement (Kash Patel), SitusAMC Public Statements (2025-11-22, 2025-11-25), TechCrunch (via TechRadar), SitusAMC Public Statement and SitusAMC Customer Letter.

Investigation Status

What is the current status of the most recent investigation?

Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing (scope, nature, and extent under investigation).

Stakeholder and Customer Advisories

What was the most recent stakeholder advisory issued?

Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was FBI Director Kash Patel’s statement to calm markets, Notified affected organizations (e.g., JPMorgan Chase, Citi, Morgan Stanley), Breach notifications sent to JPMorgan Chase, Citi, and Morgan Stanley, Limited (public announcement; clients declined to comment), Clients notified (including JPMorgan Chase, Citi).

What was the most recent customer advisory issued?

Most Recent Customer Advisory: The most recent customer advisory issued was a SitusAMC letter to clients.

Latest Global CVEs (Not Company-Specific)

Description

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is an XSRF token leakage via protocol-relative URLs in Angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with a protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.

Risk Information
cvss4
Base: 7.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Description

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.

Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Description

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.

Risk Information
cvss4
Base: 6.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Description

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.

Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Description

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.

Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Access Data Using Our API

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=situsamc' -H 'apikey: YOUR_API_KEY_HERE'

What Do We Measure?

Incident
Finding
Grade
Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network Security

Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)

Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)

Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat Intelligence

Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.