Marquis, a Texas-based provider of analytics and visualization solutions to hundreds of U.S. banks, recently disclosed a ransomware intrusion that took place in August 2025 resulted in a large-scale compromise of highly sensitive customer information, demonstrating the systemic vulnerability inherent in today’s interconnected financial data ecosystem.
A breach that has only recently become publicized due to regulatory disclosures affected at least 672,075 individuals, and involved exfiltration of both personal identifiers and critical financial information. A company filing submitted to the Maine Attorney General’s office indicates that it is beginning the process of notifying the affected, with a significant concentration of those affected residing in Texas.
In light of the extent of the stolen dataset, which consists of names, dates of birth, addresses, bank account details, payment card information, and even Social Security numbers, this is not merely an unauthorized access incident, but a deeply consequential event threatening consumer financial security as well as institutional trust for the long term.
Marquis has received subsequent disclosures suggesting that the incident may have been linked to a broader compromise within the vendor ecosystem on which Marquis relies. SonicWall released an advisory in mid-September 2025 urging its customers to reset their credentials following the discovery of a brute-force attack on the MySonicWall cloud platform. This service stores and manages configuration backups on behalf of firewall administrators.
A backup may contain highly sensitive operational data, including network rules, access control policies, VPN configurations, authentication parameters associated with enterprise identity systems such as LDAP, RADIUS, and SNMP, as well as administrative account credentials. Later, Marquis confirmed the inclusion of Marquis among those affected entities, and the company acknowledged that the compromise encompassed the entire company’s customer base.
Although early reports do not offer a complete picture of downstream impact, subsequent regulatory filings by Marquis across multiple jurisdictions show that the nature and extent of compromised data varies from state to state.
This company provided a particularly comprehensive dataset in its submission to Maine authorities that included names, physical addresses, contact information, Social Security numbers, taxpayer identification numbers, and financial account information without associated security codes.
The date of birth, as well as the dates of birth, indicate a breach with both infrastructure and personal consequences.
As a result of the incident, more attention has been drawn to the structural risks associated with the financial sector’s reliance on third-party service providers, where a single point of compromise can have cascading effects on a number of institutions and, by extension, their clients.
The runsomware event in August affected data associated with clients from dozens of banks and credit unions, according to Marquis, but it has only recently been confirmed how broad the scope of the individual impact and the amount of information exposed have been clarified. According to our investigation, the initial intrusion vector was caused by unauthorized access to the SonicWall firewall, which permitted a third party to gain access to Marquis’ internal network.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: