Marquis says August ransomware attack impacted 672,075 individuals

Financial services provider Marquis Software Solutions said a major data security incident involving its network in 2025 impacted the personal information of as many as 672,000 individuals.

The marketing and communications vendor for financial institutions said in a data breach incident notice filed with the office of the Attorney General of Maine this week that the data security incident, which occurred on August 14, 2025, impacted the personal information of 672,075 individuals, including 96 people residing in the state of Maine.

In its letter to affected individuals, the company said that the data security involved unauthorised third parties gaining access to its network in August and exfiltrating large amounts of information stored in its systems. The company subsequently informed law enforcement authorities and conducted an investigation to determine the scope of the cyber attack and the extent of the breach.

The company previously announced in December that the data breach had impacted customers of more than 70 banks and credit unions in the United States. The compromised information included names, dates of birth, addresses, phone numbers, Social Security numbers, Taxpayer Identification Numbers, financial account information without security or access codes. 

The company initially announced that the incident had impacted more than 400,000 customers across over 74 banks and credit unions, but has now revised the figure upwards to 672,000. Marquis is now providing 12 months of complimentary credit and identity monitoring services, including identity insurance and resolution services via Epiq Privacy Solutions ID to all affected customers.

In February, Marquis Software Solutions sued cyber security firm SonicWall in a U.S. court, alleging gross negligence and misrepresentation after determining that hackers had compromised a SonicWall firewall to gain access to its corporate network.

  
Marquis contends that the attackers leveraged configuration data extracted from SonicWall’s MySonicWall cloud backup infrastructure. The lawsuit alleges that a security gap introduced in February 2025 through an API code change in the MySonicWall cloud backup service allowed unauthorised access to firewall configuration backup files stored in SonicWall’s cloud environment.

Those backup files contained AES-256 encrypted credentials, configuration data and multi-factor authentication scratch codes. Marquis argued that the exposed information enabled the threat actor to bypass security protections and compromise its firewall despite safeguards being active.