Ransomware Attack on Marquis Software Exposes Data Across 74 US Banks
A major cybersecurity incident has struck the US financial sector after a ransomware attack targeted Marquis Software, a Texas-based data-services provider widely used by banks and credit unions. The breach exposed sensitive customer information from 74 financial institutions, affecting more than 400,000 individuals.
This marks one of the most significant vendor-based data leaks reported in the American banking industry in recent years.
Firewall Vulnerability Was the Entry Point
Investigators have found that attackers exploited a critical weakness in the SonicWall SSL-VPN firewall deployed within Marquis Software’s network.
Once inside, the attackers quietly accessed internal systems, copied customer files, and then deployed ransomware.
The leaked data is believed to include:
-
Full names
-
Contact details
-
Dates of birth
-
Identification numbers such as Social Security or Taxpayer IDs
-
Bank account-related information (excluding PINs or passwords)
Because Marquis Software aggregates and processes data for hundreds of banks, the breach had a cascading effect across many financial institutions.
Impact Spreads Through the US Banking Network
The company has begun notifying affected banks and credit unions. Many of these institutions relied on Marquis for compliance reporting, analytics, and customer-relationship tools — meaning the breached information belonged to their customers, not the vendor itself.
Although some institutions have suggested that a ransom may have been paid, the vendor has not publicly confirmed any such details.
Regulators expect the number of affected individuals to increase as more banks complete internal audits.
Vendor Risk: A Growing Threat for Financial Institutions
This breach highlights a growing challenge in modern banking:
third-party vendors often hold as much sensitive data as the banks themselves.
Even when institutions maintain strong cybersecurity protocols, a weakness in a partner’s network can expose millions. Experts warn that as financial services increasingly rely on outsourced analytics and marketing platforms, these risks become systemic.
The firewall exploit used in this attack also raises concerns about how VPN devices and perimeter security tools are managed — especially when vulnerabilities remain accessible despite software patches.
Risks for Consumers: Identity Theft & Fraud
Customers whose data was exposed now face a long-term risk of:
-
Identity impersonation
-
Unauthorized account openings
-
Loan or credit fraud
-
Targeted phishing attacks
Authorities urge affected individuals to monitor their accounts, review financial statements, and consider additional protection measures such as credit freezes or fraud alerts.
Shunyatax Global Insight
The Marquis Software breach is a stark reminder that cybersecurity failures at even a single service provider can ripple across an entire financial ecosystem. For banks, the event reinforces the need for:
-
Stricter vendor-risk evaluations
-
Mandatory credential resets after security patches
-
Zero-trust network principles
-
Enhanced monitoring of outsourced data environments
At Shunyatax Global, we continue to track major cybersecurity incidents impacting the financial sector, offering insights that help organizations strengthen their risk posture in an increasingly digital and interconnected world.
Stay updated with Shunyatax Global Services for expert analysis on cyber threats, financial regulation, and global fraud trends.
Share:
Noida Consultant Loses ₹12 Crore in WhatsApp-Based Job & Trading Scam
DRI Flags Rising Use of Crypto, USDT for Gold & Drug Smuggling