Marquis Data Breach Exposes 672,000 People’s Financial Info

A significant data breach at the financial technology firm Marquis has compromised the sensitive personal and financial information of over 672,000 individuals. The incident, stemming from a ransomware attack in August 2025, exposed a trove of customer data held by the company, which provides data analysis and visualization services to numerous banks. The stolen information includes names, dates of birth, postal addresses, bank account details, debit and credit card numbers, and Social Security numbers, creating a substantial risk of identity theft and financial fraud for those affected.

According to a filing with Maine’s attorney general’s office, the Plano, Texas-based company is notifying 672,075 people about the security incident. A separate notice filed in Texas indicates that more than half of the impacted individuals reside in that state. This disclosure provides the first comprehensive account of the breach’s scale, which had not been previously reported to the public.

The attack’s fallout has escalated into legal action. In February, Marquis filed a lawsuit against its firewall provider, SonicWall. The fintech firm alleges that security failures by SonicWall enabled hackers to steal critical configuration data related to its firewalls. According to the lawsuit, this stolen information was then used to infiltrate Marquis’s internal network, exfiltrate sensitive customer data, and deploy ransomware.

Marquis contends that a vulnerability created by SonicWall allowed the attackers to access and steal firewall configuration backup files, including those belonging to Marquis itself. This legal move underscores the complex chain of responsibility often involved in modern cybersecurity incidents, where third-party vendors can become critical points of failure. The company did not provide an immediate comment when reached for inquiry regarding the breach notice.

(Source: TechCrunch)