Marquis, a Texas-based monetary companies supplier, revealed this week {that a} ransomware gang stole the info of over 670,000 people in an August 2025 cyberattack that additionally disrupted operations at 74 banks throughout the USA.
The corporate supplies digital advertising and marketing, knowledge analytics, compliance, and CRM companies to greater than 700 banks, credit score unions, and mortgage lenders throughout the USA.
In data breach notifications filed with U.S. Lawyer Basic workplaces in early December, Marquis mentioned it suffered a ransomware assault on August 14, 2025, after the menace actors compromised a SonicWall firewall.
After breaching its community, the attackers stole a variety of private and monetary info, together with affected people’ names, dates of delivery, addresses, telephone numbers, Social Safety numbers, Taxpayer Identification Numbers, and monetary account info with out security or entry codes.
“The incident was restricted to Marquis’s methods and didn’t have an effect on our buyer’s methods,” the fintech firm mentioned in data breach notification letters despatched to 672,075 affected individuals this week.
“Our buyer reviewed the affected recordsdata on December 10, 2025, and afterwards labored to validate and establish people whose info might have been affected by the incident, and our buyer labored as shortly as attainable to acquire people’ most up-to-date mailing deal with info.”
In January, Marquis blamed the ransomware assault on a security breach disclosed by SonicWall on September 17, when the corporate warned clients to reset their MySonicWall account credentials.
On the time, SonicWall mentioned the incident affected solely about 5% of its firewall clients utilizing its cloud backup service and warned that the attackers may extract entry credentials and tokens, which might make it “considerably simpler” to compromise affected clients’ firewalls.
A Mandiant investigation into the September assault additionally discovered proof linking the incident to a state-sponsored hacking group.
In February, Marquis filed a lawsuit towards SonicWall, accusing the cybersecurity firm of gross negligence and misrepresentation, which allegedly led to the ransomware assault on the fintech agency’s methods in August 2025.
“On account of SonicWall’s conduct, Marquis has suffered, and continues to undergo, damages; a lack of clients; hurt to its enterprise fame; misplaced enterprise alternatives, income and revenue; and substantial diminution in its enterprise worth,” Marquis famous within the grievance.
The corporate additionally famous that it was defending over 36 shopper class motion lawsuits stemming from the August 2025 cyberattack and the ensuing data breach, and it was searching for financial damages, indemnification, contribution for any judgments within the associated class actions, attorneys’ charges, and equitable aid.
Malware is getting smarter. The Crimson Report 2026 reveals how new threats use math to detect sandboxes and conceal in plain sight.
Obtain our evaluation of 1.1 million malicious samples to uncover the highest 10 strategies and see in case your security stack is blinded.
