The Texas-based fintech firm Marquis is currently notifying dozens of U.S. banks and credit unions following a significant ransomware attack that resulted in the theft of sensitive customer data. The incident, which occurred on August 14, has prompted the company to file official data breach notices across multiple states.
Massive Data Exposure Across the U.S.
Marquis serves as a critical compliance and marketing provider for over 700 financial institutions, granting it access to vast repositories of consumer banking information. Public disclosures filed in Iowa, Maine, Texas, Massachusetts, and New Hampshire confirm that at least 400,000 individuals have been impacted by the breach so far.
Texas has emerged as the hardest-hit region, with at least 354,000 residents affected. Furthermore, notices filed with the Maine Attorney General reveal that customers of the Maine State Credit Union represent a significant portion of the victims in that state. Industry experts anticipate the total number of affected individuals will climb as additional notifications are processed.
Stolen Data and Security Vulnerabilities
The hackers gained unauthorized access to highly sensitive personal information. According to the breach notices, the compromised data includes:
- Full names and postal addresses
- Dates of birth
- Social Security numbers
- Financial details, including bank account numbers and debit/credit card information
Marquis identified the root cause of the breach as an exploited vulnerability in its SonicWall firewall. While the company has not officially attributed the attack to a specific threat actor, reports suggest the Akira ransomware gang was actively targeting SonicWall vulnerabilities during the timeframe of the intrusion.
Unanswered Questions
Despite the severity of the incident, Marquis has remained largely silent regarding the operational impact of the attack. The firm has not disclosed whether it received direct communication from the threat actors or if a ransom payment was made to prevent the leak of the stolen data. As the investigation continues, the focus remains on the 700+ financial institutions that rely on Marquis to manage and visualize their customer data.