Monetary software program supplier Marquis Software program Options is warning that it suffered a data breach that impacted dozens of banks and credit score unions throughout the US.
Marquis Software program Options supplies information analytics, CRM instruments, compliance reporting, and digital advertising and marketing companies to over 700 banks, credit score unions, and mortgage lenders.
In data breach notifications filed with US Lawyer Basic workplaces, Marquis says it suffered a ransomware assault on August 14, 2025, after its community was breached by way of its SonicWall firewall.
This allowed the hackers to steal “sure recordsdata from its techniques” through the assault.
“The overview decided that the recordsdata contained private info acquired from sure enterprise prospects,” reads a notification filed with Maine’s AG workplace.
“The non-public info probably concerned for Maine residents consists of names, addresses, telephone numbers, Social Safety numbers, Taxpayer Identification Numbers, monetary account info with out security or entry codes, and dates of beginning.”
Marquis is now submitting notifications on behalf of its prospects, in some instances breaking down the variety of folks impacted per financial institution in a state. These notifications state that related information was uncovered within the assault for patrons in different U.S. states.
In response to notifications filed in Maine, Iowa, and Texas, over 400,000 prospects have been impacted from the next 74 banks and credit score unions.
| 1st Northern California Credit score Union | Abbott Laboratories Workers Credit score Union | Benefit Federal Credit score Union |
| Agriculture Federal Credit score Union | Alltrust Credit score Union | BayFirst Nationwide Financial institution |
| Bellwether Neighborhood Credit score Union | C&N Financial institution | Cape Cod 5 |
| Capital Metropolis Financial institution Group | Central Virginia Federal Credit score Union | Clark County Credit score Union |
| Neighborhood 1st Credit score Union | Neighborhood Bancshares of Mississippi, Inc. | Cornerstone Neighborhood Monetary Credit score Union |
| CPM Federal Credit score Union | CSE Federal Credit score Union | CU Hawaii Federal Credit score Union |
| d/b/a Neighborhood Financial institution | Discovery Federal Credit score Union | Earthmover Credit score Union |
| Educators Credit score Union | Power Capital Credit score Union | Constancy Cooperative Financial institution |
| First Neighborhood Credit score Union | First Northern Financial institution of Dixon | Florida Credit score Union |
| Fort Neighborhood Credit score Union | Founders Federal Credit score Union | Freedom of Maryland Federal Credit score Union |
| Gateway First Financial institution | Generations Federal Credit score Union | Gesa Credit score Union |
| Glendale Federal Credit score Union | Hope Federal Credit score Union | IBERIABANK n/okay/a First Horizon Financial institution |
| Industrial Federal Credit score Union | Inside Federal | Inside Federal Credit score Union |
| Interra Credit score Union | Jonestown Financial institution & Belief Co. | Kemba Monetary Credit score Union |
| Liberty First Credit score Union | Maine State Credit score Union | Market USA FCU |
| MemberSource Credit score Union | Michigan First Credit score Union | MIT Federal Credit score Union |
| New Orleans Firemen’s Federal Credit score Union | New Peoples Financial institution | Newburyport 5 Cents Financial savings Financial institution |
| NIH Federal Credit score Union | Pasadena Federal Credit score Union | Pathways Monetary Credit score Union |
| Peake Federal Credit score Union | Pelican Credit score Union | Pentucket Financial institution |
| PFCU Credit score Union | QNB Financial institution | Safety Credit score Union |
| Seneca Financial savings | ServU Credit score Union | StonehamBank Cooperative |
| Suncoast Credit score Union | Texoma Neighborhood Credit score Union | Thomaston Financial savings Financial institution |
| Time Financial institution | TowneBank | Ulster Financial savings Financial institution |
| College Credit score Union | Valley Robust Credit score Union | Westerra Credit score Union |
| Whitefish Credit score Union | Zing Credit score Union |
Right now, Marquis says that there isn’t any proof that information has been misused or revealed wherever.
Nonetheless, as beforehand reported by Comparitech, a now-deleted submitting by Neighborhood 1st credit score union claimed that Marquis paid a ransomm, which is finished to forestall the leaking and abuse of stolen information.
“Marquis paid a ransomware shortly after 08/14/25. On 10/27/25 C1st was notified that nonpublic private info associated to C1st members was included within the Marquis breach,” reads the deleted notification seen by Comparitech.
Whereas the corporate’s data breach notifications state solely that it has “taken steps to cut back the chance of such a incident,” a submitting by CoVantage Credit score Union with the New Hampshire AG shares additional particulars about how the corporate is growing security.
This notification states that Marquis has now enhanced its security controls by doing the next:
- Making certain that each one firewall gadgets are totally patched and updated,
- Rotating passwords for native accounts,
- Deleting outdated or unused accounts,
- Making certain that multi-factor authentication is enabled for all firewall and digital personal community (“VPN”) accounts,
- Growing logging retention for firewall gadgets, (
- Making use of account lock-out insurance policies on the VPN for too many failed logins,
- Making use of geo-IP filtering to solely enable connections from particular international locations wanted for enterprise operations, and
- Making use of insurance policies to robotically block connections to/from recognized Botnet Command and Management servers on the firewall.
These steps point out that the risk actors seemingly gained entry to the corporate community by way of a SonicWall VPN account, a recognized tactic utilized by some ransomware gangs, particularly Akira ransomware.
Concentrating on SonicWall firewalls
Whereas Marquis has not shared any additional particulars in regards to the ransomware assault, the Akira ransomware gang has been concentrating on SonicWall firewalls to achieve preliminary entry to company networks since at the very least early September 2024.
Akira began breaching SonicWall SSL VPN gadgets in 2024 by exploiting the CVE-2024-40766 vulnerability, which allowed attackers to steal VPN usernames, passwords, and seeds to generate one-time passcodes.
Even after SonicWall patched the bug, many organizations did not correctly reset their VPN credentials, permitting Akira to proceed breaching patched gadgets with beforehand stolen credentials.
A current report exhibits the group continues to be signing in to SonicWall VPN accounts even when MFA is enabled, suggesting the attackers stole OTP seeds through the earlier exploitation.
As soon as Akira will get in by way of the VPN, they transfer shortly to scan the community, carry out reconnaissance, acquire elevated privileges within the Home windows Lively Listing, and steal information earlier than deploying ransomware.
Damaged IAM is not simply an IT downside – the impression ripples throughout your complete enterprise.
This sensible information covers why conventional IAM practices fail to maintain up with trendy calls for, examples of what “good” IAM appears like, and a easy guidelines for constructing a scalable technique.
