Marquis, a prominent provider of marketing and compliance solutions for financial institutions, has revealed a significant data breach impacting approximately 672,000 individuals. This disclosure comes after the company initially reported the breach last year.
Details of the Breach
The Texas-based company became aware in August 2025 that unauthorized parties had infiltrated its systems. In December, Marquis publicly acknowledged that attackers had accessed sensitive data, including names, addresses, Social Security numbers, dates of birth, taxpayer identification numbers, and financial details such as payment card information. This data was managed by Marquis on behalf of its numerous clients, comprising over 700 banks and credit unions.
Initially, Marquis did not provide a comprehensive count of affected individuals. However, reports from various state authorities and financial institutions suggested that up to 780,000 people might have been impacted.
Revised Estimates and Overlapping Accounts
Earlier this year, Comparitech estimated that the breach could have affected as many as 1.6 million individuals. Yet, Marquis recently informed the Maine Attorney General’s Office that the figure stands at just over 672,000.
This discrepancy might be explained by overlapping accounts, where customers hold multiple accounts across different institutions serviced by Marquis.
Unconfirmed Ransom Payment and Vulnerability Exploitation
No cybercriminal organization has officially claimed responsibility for this breach. However, Comparitech mentioned a now-deleted notice from an Iowa credit union that alleged Marquis had paid a ransom, a claim that remains unconfirmed by the company.
The breach reportedly exploited a SonicWall firewall vulnerability. At the time the breach was discovered, the Akira ransomware group was known to be actively exploiting similar vulnerabilities.
Marquis has not yet responded to requests for comments on these claims. This incident highlights the ongoing vulnerabilities in financial sectors and the critical need for robust cybersecurity measures.
Related incidents include a data breach disclosed by Security Firm Aura, impacting 900,000 records, and a cyberattack on Robotic Surgery Giant Intuitive.
