Fintech firm Marquis alerts dozens of US banks and credit unions of a data breach after ransomware attack

Marquis, a fintech enterprise based in Texas, has alerted numerous U.S. banks and credit unions about a significant data breach that compromised customer information earlier this year. The revelations came to light following the company's filing of data breach notifications with several states, confirming that the incident, which occurred on August 14, was a ransomware attack. As a marketing and compliance service provider, Marquis supports more than 700 financial institutions by enabling them to gather and analyze their customer data in one centralized platform. This extensive access means Marquis holds vast amounts of sensitive consumer banking data across the United States. Current reports indicate that at least 400,000 individuals have been impacted by this breach, as detailed in disclosures filed in Iowa, Maine, Texas, Massachusetts, and New Hampshire. Texas has been identified as the state with the highest number of affected residents, with approximately 354,000 individuals having their data compromised. Notably, the Maine State Credit Union's customers represented a significant portion of the breach notifications, affecting around one in nine individuals reported to be impacted in that state. Marquis disclosed that the hackers gained access to various personal details, including customer names, dates of birth, postal addresses, and financial data such as bank account and credit card numbers. Additionally, Social Security numbers were also stolen during the attack. The company attributed the breach to a ransomware attack that exploited a zero-day vulnerability in its SonicWall firewall—an issue that was previously unknown to both SonicWall and its clients until it was maliciously used by hackers. While Marquis has not specified whether a particular group was responsible, reports suggest that the Akira ransomware gang may have been involved in the widespread attacks targeting SonicWall customers around that time. As the situation unfolds, Marquis has yet to clarify the total number of individuals impacted by the breach or whether it engaged with the hackers or paid any ransom. The number of affected individuals is likely to increase as more notifications are received from other states. Anyone with additional information regarding the Marquis data breach is encouraged to reach out securely.