Marquis Software Solutions suffered a data breach affecting over 400,000 individuals

Marquis Software Solutions, a major American fintech company providing marketing and compliance services to hundreds of community banks and credit unions, has disclosed a massive data breach affecting over 400,000 customers across at least 74 U.S. financial institutions.

The breach, which occurred in August 2025, was attributed to a ransomware attack that exploited a vulnerability in the company's SonicWall firewall, highlighting the critical supply chain risk posed by third-party vendors in the financial sector.

The Compromise: Stolen Credentials and Financial Data

Marquis confirmed in regulatory filings with multiple state Attorneys General that an unauthorized third party accessed and stole files from its network. The core problem was the system's role as a centralized data hub for its clients.

The exposed data includes highly sensitive personal and financial information, sufficient for sophisticated identity theft and fraud:

• Full Names and Addresses

• Dates of Birth (DOB)

• Social Security Numbers (SSNs) or Taxpayer Identification Numbers (TINs)

• Financial Account Information (including bank account and credit card numbers, though security codes were reportedly not exposed)

While Marquis stated it has "no evidence of the misuse, or attempted misuse, of personal information" at this time, at least one affected credit union reportedly disclosed that Marquis paid a ransom to the attackers, a common practice used to prevent stolen data from being leaked onto the dark web.

The vendor risk problem

The attack was traced to the exploitation of a known, previously disclosed vulnerability in SonicWall firewall software. Security researchers have linked similar attacks targeting SonicWall Virtual Private Network (VPN) devices to the Akira ransomware group. The attackers successfully used the flaw to bypass existing multi-factor authentication and gain access to the Marquis network.

"When an attacker reaches a vendor like this, they don't just hit one bank. They hit a data hub that exposes customers across dozens of smaller institutions simultaneously." a cybersecurity analyst said of the incident.

Marquis is currently notifying all affected individuals and offering free credit monitoring and identity protection services for up to two years. The company also confirmed it has taken steps to harden its security, including patching all firewall devices and enforcing stricter multi-factor authentication controls.