Article Details

Marquis data breach impacts over 74 US banks, credit unions. Financial software provider Marquis Software Solutions is warning that it suffered a data breach that impacted dozens of banks and credit unions across the US. Marquis Software Solutions provides data analytics, CRM tools, compliance reporting, and digital marketing services to over 700 banks, credit unions, and mortgage lenders. In data breach notifications filed with US Attorney General offices, Marquis says it suffered a ransomware attack on August 14, 2025, after its network was breached through its SonicWall firewall. This allowed the hackers to steal "certain files from its systems" during the attack. "The review determined that the files contained personal information received from certain business customers," reads a notification filed with Maine's AG office. "The personal information potentially involved for Maine residents includes names, addresses, phone numbers, Social Security numbers, Taxpayer Identification Numbers, financial account information without security or access codes, and dates of birth." Marquis is now filing notifications on behalf of its customers, in some cases breaking down the number of people impacted per bank in a state. These notifications state that similar data was exposed in the attack for customers in other U.S. states. According to notifications filed in Maine, Iowa, and Texas, over 400,000 customers have been impacted from the following 74 banks and credit unions. At this time, Marquis says that there is no evidence that data has been misused or published anywhere. However, as previously reported by Comparitech, a now-deleted filing by Community 1st credit union claimed that Marquis paid a ransomm, which is done to prevent the leaking and abuse of stolen data. "Marquis paid a ransomware shortly after 08/14/25. On 10/27/25 C1st was notified that nonpublic personal information related to C1st members was included in the Marquis breach," reads the deleted notification seen by Comparitech. While the company's data breach notifications state only that it has "taken steps to reduce the risk of this type of incident," a filing by CoVantage Credit Union with the New Hampshire AG shares further details about how the company is increasing security. This notification states that Marquis has now enhanced its security controls by doing the following: These steps indicate that the threat actors likely gained access to the company network through a SonicWall VPN account, a known tactic used by some ransomware gangs, especially Akira ransomware. Targeting SonicWall firewalls While Marquis has not shared any further details about the ransomware attack, the Akira ransomware gang has been targeting SonicWall firewalls to gain initial access to corporate networks since at least early September 2024. Akira started breaching SonicWall SSL VPN devices in 2024 by exploiting the CVE-2024-40766 vulnerability, which allowed attackers to steal VPN usernames, passwords, and seeds to generate one-time passcodes. Even after SonicWall patched the bug, many organizations didn't properly reset their VPN credentials, allowing Akira to continue breaching patched devices with previously stolen credentials. A recent report shows the group is still signing in to SonicWall VPN accounts even when MFA is enabled, suggesting the attackers stole OTP seeds during the earlier exploitation. Once Akira gets in through the VPN, they move quickly to scan the network, perform reconnaissance, gain elevated privileges in the Windows Active Directory, and steal data before deploying ransomware. Break down IAM silos like Bitpanda, KnowBe4, and PathAI Broken IAM isn't just an IT problem - the impact ripples across your whole business. This practical guide covers why traditional IAM practices fail to keep up with modern demands, examples of what "good" IAM looks like, and a simple checklist for building a scalable strategy.