In August 2025, Marquis Software Solutions, a Texas-based fintech firm, experienced a significant ransomware attack that exposed sensitive customer data. The breach, which occurred on August 14, 2025, compromised personal and financial information of over 780,000 individuals across 74 U.S. banks and credit unions. Marquis is actively notifying affected businesses and offering complimentary credit monitoring services to mitigate potential risks.
Details of the Breach
Marquis Software Solutions provides data-driven marketing, customer data platforms, analytics, and compliance solutions to banks and credit unions across the United States. Serving over 700 financial institutions, the company plays a crucial role in managing sensitive customer information. On August 14, 2025, Marquis detected suspicious activity on its network, which was later confirmed as a ransomware attack. An unauthorized third party exploited a vulnerability in the company’s SonicWall firewall to gain access to its systems. The attackers exfiltrated files containing personal information, including names, addresses, phone numbers, Social Security numbers, taxpayer identification numbers, and financial account details. (techcrunch.com)
Explore the data solution with built-in protection against ransomware TrueNAS.
Impact on Financial Institutions
The breach has had a widespread impact on numerous financial institutions. At least 74 banks and credit unions have been affected, with the total number of individuals impacted expected to rise as more data breach notifications are processed. For instance, the Maine State Credit Union reported that approximately 38,334 of its members were affected, accounting for about one in every nine individuals impacted by the breach in the state. (techcrunch.com)
Response and Mitigation Efforts
In response to the breach, Marquis has been notifying affected business customers and is offering complimentary credit monitoring and identity theft protection services to individuals whose data was compromised. The company has also filed data breach notices with several U.S. states, including Iowa, Maine, Texas, Massachusetts, and New Hampshire. Marquis is working closely with affected financial institutions to facilitate appropriate notifications to individuals and regulatory bodies. (cutimes.com)
Potential Attribution to Akira Ransomware Group
While Marquis has not officially attributed the attack to any specific group, reports suggest that the Akira ransomware gang may be responsible. The Akira group has been known to exploit vulnerabilities in SonicWall firewalls to gain unauthorized access to networks. However, no definitive evidence has been presented to confirm this attribution. (redskyalliance.org)
Delayed Notifications Raise Concerns
The timing of Marquis’s notifications has raised concerns among affected financial institutions and state regulators. Some institutions were not informed until months after the August ransomware attack. For example, Community 1st Credit Union reported that it was notified on October 27, 2025, about the breach affecting its members. This delay has prompted discussions about the adequacy of Marquis’s response and the potential risks posed to affected individuals. (cutimes.com)
Ongoing Investigations and Future Implications
Investigations into the breach are ongoing, with federal authorities involved in assessing the full scope and impact of the attack. The incident underscores the critical importance of robust cybersecurity measures, especially for third-party vendors handling sensitive financial data. Financial institutions are advised to review their security protocols and collaborate closely with vendors to enhance data protection and prevent future breaches.
References
Be the first to comment