Vendor Breach Hits Norway Savings Bank, 51,000 Customers’ Data Exposed

Norway Savings Bank disclosed that a data breach at its service provider, Marquis, compromised sensitive personal information for 51,000 customers.

 

Marquis Software Solutions provides marketing and compliance services to over 700 banks and credit unions nationwide. Its clients include C1st, Banc of California, Inwood National Bank, Needham Bank, Guaranty Bank, Andersen Brothers Bank, NexBank, Erie FCU, and US Eagle FCU.

 

In a data security incident notice filed with the Office of Maine Attorney General, NSB said that on  August 14, it was notified of unauthorised activity at a third-party service provider, Marquis. The financial organisation immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

“The incident did not involve NSB’s own internal systems. Upon learning of the incident, NSB received regular updates from the affected provider regarding its incident response and investigation. 

 

“Cybersecurity experts were engaged to conduct a detailed review that determined whether and what NSB customer information may have been included. This thorough investigation concluded on October 27, 2025, and we are now able to provide you with the full details contained in this letter,” NSB said.

 

The compromised data included names, addresses, dates of birth, social security numbers, tax identification numbers, and financial account information. The organisation confirmed that Norway Savings Asset Management Group accounts were not affected.

 

The filing with the Maine state regulator’s office also states that NSB has identified at least 51,000 individuals affected by the incident.

 

While the financial organisation found no evidence of the compromise data being misused, it has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and the state attorney general. 

 

It has also offered  complimentary identity protection and credit monitoring services through IDX to all affected individuals.