Fintech Vendor Breach Puts Hundreds of Thousands of Bank Customers at Risk
Marquis, a Plano, Texas-based fintech company used by hundreds of banks to analyze customer data, has begun notifying over 672,000 individuals that their personal and financial information — including Social Security numbers — was stolen in a ransomware attack. In a notable twist, Marquis has sued its firewall provider SonicWall, accusing the company of security failings that enabled the breach.
| Attribute | Value |
|---|---|
| Victim Company | Marquis (Plano, TX fintech) |
| Individuals Affected | 672,075+ (later revised to 780,000+) |
| Attack Type | Ransomware (via firewall exploitation) |
| Initial Access | SonicWall firewall vulnerability |
| Breach Date | August 14, 2025 |
| Notification Date | Mid-March 2026 |
| Data Compromised | SSNs, bank account numbers, credit/debit card numbers, DOBs, addresses |
| Legal Action | Marquis suing SonicWall (filed February 2026) |
What Was Stolen
The breach exposed a comprehensive set of sensitive financial and personal data:
- Social Security numbers of banking customers
- Bank account numbers, debit card numbers, and credit card numbers
- Names, dates of birth, and postal addresses
- Financial analysis data used by client banks
How the Breach Happened
The incident began on August 14, 2025, when attackers exploited a vulnerability in Marquis' SonicWall firewall to gain initial network access. Once inside, the attackers moved laterally through the network, exfiltrated sensitive data, and deployed ransomware.
The SonicWall Lawsuit
In February 2026, Marquis filed a lawsuit against SonicWall, alleging that the firewall vendor's security failings allowed hackers to steal critical information about its firewalls, which was then used to compromise Marquis' network. The lawsuit claims SonicWall failed to adequately protect against known vulnerability classes in its products.
| Impact Area | Description |
|---|---|
| Consumer Financial Risk | SSNs and financial account data enable identity theft and fraud |
| Banking Sector Exposure | Hundreds of banks' customer data compromised through a single vendor |
| Third-Party Risk | Highlights the cascading risk of fintech supply chain breaches |
| Legal Precedent | Victim company suing its security vendor for enabling the breach |
| Regulatory Scrutiny | 7-month delay between breach and notification raises compliance questions |
Recommendations
For Affected Individuals
- Freeze credit with all three major bureaus (Equifax, Experian, TransUnion) immediately
- Monitor bank accounts and credit card statements for unauthorized transactions
- Enroll in the credit monitoring and identity protection services offered by Marquis
- Be alert for phishing attempts that leverage stolen personal data
For Organizations
- Audit third-party vendor security — fintech providers with access to customer data are high-value targets
- Ensure firewall firmware is updated and patched against known CVEs
- Implement network segmentation to limit lateral movement after initial compromise
- Review breach notification timelines — a 7-month gap raises regulatory risk
Key Takeaways
- Over 672,000 banking customers had SSNs and financial data stolen via a ransomware attack on Marquis
- Attackers gained initial access through a SonicWall firewall vulnerability in August 2025
- Marquis is suing SonicWall for security failings that enabled the breach
- Affected count was later revised upward to 780,000+ individuals by Infosecurity Magazine
- The 7-month notification delay (August 2025 → March 2026) raises regulatory concerns
- The incident underscores third-party supply chain risk in the banking sector
Sources
- Marquis Says Over 672,000 People Had Personal and Financial Data Stolen in Ransomware Attack — TechCrunch
- Marquis Data Breach Affects 672,000 Individuals — SecurityWeek
- Ransomware Attack On Marquis Software Solutions Exposes Records Of Over 672,000 Banking Customers — Crowdfund Insider
- Data Breach at Marquis Software Solutions Affected Over 780,000 People — Infosecurity Magazine