Fintech firm Marquis alerts dozens of US banks and credit unions of a data breach after ransomware attack

Fintech company Marquis is notifying dozens of U.S. banks and credit unions that their customer data was stolen in a cyberattack earlier this year.

Details of the cyberattack emerged this week after Marquis filed data breach notices with several U.S. states confirming its August 14 incident as a ransomware attack.

Texas-based Marquis is a marketing and compliance provider that enables banks and other financial institutions to collect and visualise all their customer data in one place. The company lists more than 700 banking and credit union customers on its website. As a result, Marquis has access to and stores large amounts of data belonging to consumer banking customers across the United States.

At least 400,000 people are so far confirmed to be affected by the data breach, according to legally required disclosures filed in Iowa, Maine, Texas, Massachusetts, and New Hampshire that TechCrunch reviewed.

Texas has the largest number of state residents so far affected by the breach, with at least 354,000 people having their data stolen.

Marquis said in its notice to Maine’s attorney general that banking customers with the Maine State Credit Union accounted for the majority of its data breach notifications, or around one in nine people who are known to be affected throughout the state.

The number of individuals affected by the breach is expected to rise as additional data breach notifications are submitted in other states.

Marquis said the hackers stole customer names, dates of birth, mailing addresses, and financial information, including bank account, debit, and credit card numbers. The company also confirmed that customers’ Social Security numbers were part of the stolen data.

According to its most recent notices, Marquis blamed the ransomware attack on hackers who exploited a vulnerability in its SonicWall firewall. The vulnerability was considered a zero-day, meaning the flaw was not known to SonicWall or its customers before it was maliciously exploited.

Marquis did not attribute the ransomware attack to any specific group, but the Akira ransomware gang was reportedly behind the mass exploitation of SonicWall devices at that time.

TechCrunch asked Marquis if it is aware of the total number of people affected by the breach, and whether the company received any communication from the hackers or paid a ransom, but did not receive a response before publication.

Do you know more about the Marquis data breach? Do you work at Marquis or at a company affected by the incident? We would like to hear from you. To securely reach this reporter, you can use Signal via the username: zackwhittaker.1337