Marquis Ransomware Breach Exposes 672,000 People’s Data
▼ Summary
– A ransomware attack in August 2025 on Marquis, a financial services provider, compromised the data of over 670,000 individuals and disrupted operations at 74 U.S. banks.
– The attackers stole extensive personal and financial information, including Social Security numbers and financial account details, after breaching the network via a compromised SonicWall firewall.
– Marquis attributed the attack to a prior SonicWall security breach disclosed in September, which involved stolen credentials and was linked by investigators to a state-sponsored hacking group.
– In February, Marquis sued SonicWall, alleging gross negligence and misrepresentation led to the attack, causing significant business damages and reputational harm.
– The company is also defending over 36 consumer class action lawsuits stemming from the data breach and is seeking financial compensation from SonicWall.
A significant ransomware attack targeting a major financial services provider has compromised the personal and financial data of over 672,000 individuals. The incident, which occurred in August 2025, not only led to a massive data breach but also disrupted operations for dozens of banks across the country, highlighting the cascading risks within interconnected financial ecosystems.
The Texas-based firm, Marquis, offers a suite of services including digital marketing, data analytics, and customer relationship management to more than 700 banking institutions, credit unions, and mortgage lenders. The breach began on August 14, 2025, when threat actors successfully compromised a SonicWall firewall, providing them a gateway into the company’s internal network. Once inside, the attackers exfiltrated a vast trove of sensitive information.
The stolen data encompasses a wide array of personal identifiers and financial details. This includes full names, dates of birth, physical addresses, and phone numbers. More critically, Social Security numbers, Taxpayer Identification Numbers, and financial account information were also taken, though the company states security or access codes for accounts were not part of the stolen data set.
In official notifications sent to the affected individuals, Marquis emphasized that the incident was confined to its own systems and did not directly impact the internal networks of its banking clients. The company explained that the process of identifying and validating the affected individuals, followed by obtaining current mailing addresses, was a meticulous undertaking that concluded in December 2025.
The origin of the attack was later traced back to a separate security incident at SonicWall. In January, Marquis pointed to a breach disclosed by the firewall manufacturer in September, which involved compromised cloud backup services. SonicWall had warned that this event could allow attackers to extract credentials, making it far simpler to breach customer firewalls. An investigation by cybersecurity firm Mandiant found evidence linking this September event to a state-sponsored hacking group.
In a significant legal escalation, Marquis filed a lawsuit against SonicWall in February, alleging gross negligence and misrepresentation. The fintech firm contends that SonicWall’s security failures directly enabled the ransomware attack. The lawsuit details extensive damages, including loss of customers, reputational harm, missed business opportunities, and a substantial decrease in company value.
Furthermore, Marquis is now contending with the legal fallout from the data breach. The company is defending against more than three dozen consumer class action lawsuits that have arisen from the incident. In its suit against SonicWall, Marquis is seeking monetary damages, indemnification for any judgments in the related class actions, and coverage for legal fees, aiming to hold the cybersecurity provider accountable for the chain of events that led to the widespread data exposure.
(Source: BleepingComputer)
