Vendor breach compromised the data of over 37,000 VeraBank customers

Henderson, Texas-based financial services company VeraBank said the personal information of more than 37,000 customers was exposed after hackers struck the bank’s data analysis vendor’s systems in August and gained access to its network.

The financial services company, operating in East and Central Texas since 1930 and recognised by S&P Global as the best-performing community bank in the U.S. in 2023, informed the Office of the Attorney-General of Maine in late December that a cyber security incident involving a data analysis vendor had exposed customer information to third parties.

VeraBank said that its customer communication and data analysis vendor, Marquis Software Solutions, Inc., suffered a network intrusion on 14 August that gave malicious actors access to sensitive information associated with the company’s clients, including VeraBank.

Though the incident did not impact VeraBank’s systems of network, the hackers were able to copy the data of 37,318 VeraBank customers from Marquis’ systems.

“A review of the files was conducted to identify individuals whose information may have been involved, and we worked to obtain addresses and notify them as quickly as possible after completing the review on December 12, 2025,” said VeraBank’s CEO Brad Tidwell.

The community bank told affected customers that it shared their personal information with Marquis to enable the vendor to “communicate relevant and necessary updates with you and also to analyze what bank products and services may best fit your needs.”

The bank said it is offering a free-of-cost 24-month subscription to single-bureau credit monitoring, credit report and credit score services to all affected customers. It has also offered proactive fraud assistance through CyberScout to help affected customers in the event they become victims of fraud.

The data security incident at Marquis Software Solutions also affected Wilmington, Delaware-based Artisans’ Bank. The bank recently disclosed that as a result of the cyber attack on Marquis, hackers copied the personal information of approximately 32,344 individuals. The bank is offering complimentary credit monitoring services through IDX for up to two years to all affected customers.