Time Bank customers exposed in Marquis ransomware breach affecting nearly 4,000 individuals

Time Bank, a U.S.-based community banking institution, is notifying customers nationwide after a cybersecurity incident at one of its service providers exposed sensitive personal information belonging to at least 3,944 account holders. The breach originated at Marquis Software Solutions Inc., a marketing and communications vendor that supports the bank and other business clients.

Marquis identified suspicious activity on its network on August 14, 2025 and determined that an unauthorized party had launched a ransomware attack. The intrusion allowed the attacker to access the company’s systems and potentially obtain files containing customer data. The event was confined to Marquis’ environment.

A forensic review confirmed that the compromised files included names, addresses, phone numbers, Social Security numbers, Taxpayer Identification Numbers, financial account information without associated security codes, and dates of birth. No protected health information was involved. Impact assessments show that at least 3,942 Iowa residents, nine Washington residents, and two Maine residents were affected.

Marquis began notifying its business clients about the data exposure between October 27 and November 25, 2025. Time Bank and other organizations then initiated direct outreach to impacted individuals. Regulatory notifications started on November 26 in Iowa, Maine, and Washington. Marquis stated it has not identified any misuse or attempted misuse of the compromised data.

The company launched an investigation with cybersecurity specialists and informed federal law enforcement immediately after detecting the attack. Review teams examined the affected files to identify those whose information was at risk. Marquis continues to coordinate with client institutions to support ongoing notifications.

As a precautionary measure, impacted customers are being offered complimentary credit monitoring and identity theft protection services through Epiq Privacy Solutions ID. The program provides credit and dark web monitoring, credit protection tools, change of address tracking, and identity restoration assistance. Notification letters also outline steps individuals can take to secure their financial information, including placing security freezes or fraud alerts with credit bureaus.

Recipients of the notices are urged to monitor bank accounts, credit reports, and financial statements for at least 12 to 24 months. Instructions and contact details for major credit bureaus and the Federal Trade Commission are provided to help customers adopt additional safeguards.