Marquis Data Breach Hits US Banks, Credit Unions

Fintech firm Marquis has begun notifying dozens of U.S. banks and credit unions that sensitive customer data was compromised in a ransomware attack earlier this year. The incident, which Marquis confirmed was a ransomware attack on August 14, has exposed personal information, financial records, and Social Security numbers belonging to hundreds of thousands of individuals, with the total number of affected people expected to rise.

Incident Details and Marquis's Role

Details of the cyberattack emerged this week after Marquis filed data breach notices with several U.S. states. Texas-based Marquis operates as a marketing and compliance provider, enabling banks and other financial institutions to centralize and visualize their customer data. With over 700 banking and credit union customers, as stated on its website, Marquis has access to and stores extensive amounts of consumer banking data across the United States.

Impact and Data Compromised

According to legally required disclosures reviewed by TechCrunch in states including Iowa, Maine, Texas, Massachusetts, and New Hampshire, at least 400,000 people have been confirmed affected by the data breach so far. Texas residents account for the largest portion of those impacted, with at least 354,000 individuals having their data stolen.

Marquis's notice with Maine’s attorney general indicated that banking customers with the Maine State Credit Union made up a significant portion of its data breach notifications in that state. The company anticipates the number of affected individuals will increase as more data breach notifications are processed from other states.

The stolen data includes highly sensitive information such as customer names, dates of birth, postal addresses, and financial details like bank account, debit, and credit card numbers. Crucially, Marquis also confirmed that hackers stole customers' Social Security numbers.

Technical Cause of the Breach

Marquis attributed the ransomware attack to hackers who exploited a zero-day vulnerability in its SonicWall firewall. A zero-day vulnerability refers to a software flaw unknown to the vendor or its customers before it is maliciously exploited by attackers.

While Marquis did not publicly attribute the ransomware attack to a specific group, the Akira ransomware gang was reportedly behind mass-hacks targeting SonicWall customers around the time of the incident.

As of publication, Marquis has not responded to inquiries regarding the total number of people affected, any communication received from the hackers, or whether a ransom was paid.

Do you have more information about the Marquis data breach, or do you work at Marquis or a company affected by this incident? We encourage you to reach out securely to this reporter via Signal using the username: zackwhittaker.1337.