Marquis Data Breach Affects 672,000 Individuals
Marquis, a marketing and compliance solutions provider for credit unions and banks, disclosed a data breach affecting 672,000 individuals after hackers gained access to its systems in August 2025. The stolen data includes names, addresses, SSNs, dates of birth, taxpayer IDs, and payment card numbers. The attack exploited a SonicWall firewall vulnerability, with evidence suggesting the Akira ransomware group may have been responsible and received a ransom payment.
Summary
Marquis, a marketing and compliance solutions provider for credit unions and banks, disclosed a data breach affecting 672,000 individuals after hackers gained access to its systems in August 2025. The stolen data includes names, addresses, SSNs, dates of birth, taxpayer IDs, and payment card numbers. The attack exploited a SonicWall firewall vulnerability, with evidence suggesting the Akira ransomware group may have been responsible and received a ransom payment.
Full text
Marquis, a provider of marketing and compliance solutions for credit unions and banks, revealed this week that a data breach disclosed last year affects roughly 672,000 individuals. The Texas-based company discovered in August 2025 that hackers had gained access to its systems. In a notification made public in December, it reported that the attackers had stolen personal information such as names, addresses, SSNs, dates of birth, taxpayer identification numbers, and financial information, including payment card numbers. The information was stored by Marquis on behalf of dozens of the 700 banks and credit unions it serves. In its initial data breach disclosure, Marquis did not share the total number of affected individuals. However, based on numbers provided to authorities in various US states about impacted people in their respective states, along with disclosures made by the affected financial institutions themselves, it was previously estimated that at least 780,000 had been hit. Comparitech estimated in February 2026 that as many as 1.6 million people could be affected. However, Marquis told the Maine Attorney General’s Office this week that just over 672,000 are affected. Advertisement. Scroll to continue reading. If 672,000 is the actual number of impacted individuals, some of the numbers shared by banks and credit unions may include overlapping customers who hold accounts at multiple institutions. No cybercrime group has taken credit for the attack on Marquis, but Comparitech previously reported that a now-removed data breach notice from an Iowa credit union revealed that Marquis had paid a ransom, a claim that the fintech company has yet to confirm. The company did not immediately respond to SecurityWeek’s request to confirm or deny the claim. Marquis previously said the attack exploited a SonicWall firewall vulnerability. Around the time the company discovered the attack, the Akira ransomware group had ramped up its exploitation of SonicWall firewall flaws. Related: Security Firm Aura Discloses Data Breach Impacting 900,000 Records Related: Robotic Surgery Giant Intuitive Discloses Cyberattack Related: Oracle EBS Hack: Only 4 Corporate Giants Still Silent on Potential Impact Written By Eduard Kovacs Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering. More from Eduard Kovacs Iranian Hackers Likely Used Malware-Stolen Credentials in Stryker BreachResearcher Discovers 4th WhatsApp View Once Bypass; Meta Won’t PatchUK Companies House Exposed Details of Millions of Firms Google, Meta, Microsoft Among Signatories of Pact to Combat ScamsOracle EBS Hack: Only 4 Corporate Giants Still Silent on Potential ImpactHacking Attempt Reported at Poland’s Nuclear Research CenterLoblaw Data Breach Impacts Customer InformationStarbucks Data Breach Impacts Employees Latest News Iran Readied Cyberattack Capabilities for Response Prior to Epic FurySecurity Firm Aura Discloses Data Breach Impacting 900,000 RecordsHacker Conversations: Ben Harris, From Unintentional Young Hacker to Intentional Adult CEORussian APT Exploits Zimbra Vulnerability Against UkraineRaven Emerges From Stealth With $20 Million in FundingCISA Warns of Attacks Exploiting Recent SharePoint VulnerabilityCisco Firewall Vulnerability Exploited as Zero-Day in Interlock Ransomware AttacksThe Collapse of Predictive Security in the Age of Machine-Speed Attacks Trending Daily Briefing Newsletter Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts. Webinar: Securing Fragile OT in an Exposed World March 10, 2026 Get a candid look at the current OT threat landscape as we move past "doom and gloom" to discuss the mechanics of modern OT exposure. Register Webinar: Why Automated Pentesting Alone Is Not Enough April 7, 2026 Join our live diagnostic session to expose hidden coverage gaps and shift from flawed tool-level evaluations to a comprehensive, program-level validation discipline. Register People on the MoveSecurityBridge has promoted Holger Hügel to Chief Technology Officer.Armis has appointed Simon Mouyal as Chief Marketing Officer.Omada has named Jakob H. Kraglund as Chief Executive Officer.More People On The MoveExpert Insights The Human IOC: Why Security Professionals Struggle with Social Vetting Applying SOC-level rigor to the rumors, politics, and 'human intel' can make or break a security team. (Joshua Goldfarb) How to 10x Your Vulnerability Management Program in the Agentic Era The evolution of vulnerability management in the agentic era is characterized by continuous telemetry, contextual prioritization and the ultimate goal of agentic remediation. (Nadir Izrael) SIM Swaps Expose a Critical Flaw in Identity Security SIM swap attacks exploit misplaced trust in phone numbers and human processes to bypass authentication controls and seize high-value accounts. (Torsten George) Four Risks Boards Cannot Treat as Background Noise The goal isn’t about preventing every attack but about keeping the business running when attacks succeed. (Steve Durbin) How to Eliminate the Technical Debt of Insecure AI-Assisted Software Development Developers must view AI as a collaborator to be closely monitored, rather than an autonomous entity to be unleashed. Without such a mindset, crippling tech debt is inevitable. (Matias Madou) Flipboard Reddit Whatsapp Whatsapp Email
Indicators of Compromise
- malware — Akira
- cve — SonicWall firewall vulnerability