Monetary software program supplier Marquis Software program Options is warning that it suffered a knowledge breach that impacted dozens of banks and credit score unions throughout the US.
Marquis Software program Options offers knowledge analytics, CRM instruments, compliance reporting, and digital advertising and marketing providers to over 700 banks, credit score unions, and mortgage lenders.
In knowledge breach notifications filed with US Legal professional Common workplaces, Marquis says it suffered a ransomware assault on August 14, 2025, after its community was breached via its SonicWall firewall.
This allowed the hackers to steal “sure information from its methods” through the assault.
“The evaluation decided that the information contained private data acquired from sure enterprise prospects,” reads a notification filed with Maine’s AG workplace.
“The private data probably concerned for Maine residents contains names, addresses, cellphone numbers, Social Safety numbers, Taxpayer Identification Numbers, monetary account data with out safety or entry codes, and dates of beginning.”
Marquis is now submitting notifications on behalf of its prospects, in some instances breaking down the variety of folks impacted per financial institution in a state. These notifications state that related knowledge was uncovered within the assault for purchasers in different U.S. states.
In keeping with notifications filed in Maine, Iowa, and Texas, over 400,000 prospects have been impacted from the next 74 banks and credit score unions.
| 1st Northern California Credit score Union | Abbott Laboratories Workers Credit score Union | Benefit Federal Credit score Union |
| Agriculture Federal Credit score Union | Alltrust Credit score Union | BayFirst Nationwide Financial institution |
| Bellwether Neighborhood Credit score Union | C&N Financial institution | Cape Cod 5 |
| Capital Metropolis Financial institution Group | Central Virginia Federal Credit score Union | Clark County Credit score Union |
| Neighborhood 1st Credit score Union | Neighborhood Bancshares of Mississippi, Inc. | Cornerstone Neighborhood Monetary Credit score Union |
| CPM Federal Credit score Union | CSE Federal Credit score Union | CU Hawaii Federal Credit score Union |
| d/b/a Neighborhood Financial institution | Discovery Federal Credit score Union | Earthmover Credit score Union |
| Educators Credit score Union | Vitality Capital Credit score Union | Constancy Cooperative Financial institution |
| First Neighborhood Credit score Union | First Northern Financial institution of Dixon | Florida Credit score Union |
| Fort Neighborhood Credit score Union | Founders Federal Credit score Union | Freedom of Maryland Federal Credit score Union |
| Gateway First Financial institution | Generations Federal Credit score Union | Gesa Credit score Union |
| Glendale Federal Credit score Union | Hope Federal Credit score Union | IBERIABANK n/okay/a First Horizon Financial institution |
| Industrial Federal Credit score Union | Inside Federal | Inside Federal Credit score Union |
| Interra Credit score Union | Jonestown Financial institution & Belief Co. | Kemba Monetary Credit score Union |
| Liberty First Credit score Union | Maine State Credit score Union | Market USA FCU |
| MemberSource Credit score Union | Michigan First Credit score Union | MIT Federal Credit score Union |
| New Orleans Firemen’s Federal Credit score Union | New Peoples Financial institution | Newburyport 5 Cents Financial savings Financial institution |
| NIH Federal Credit score Union | Pasadena Federal Credit score Union | Pathways Monetary Credit score Union |
| Peake Federal Credit score Union | Pelican Credit score Union | Pentucket Financial institution |
| PFCU Credit score Union | QNB Financial institution | Safety Credit score Union |
| Seneca Financial savings | ServU Credit score Union | StonehamBank Cooperative |
| Suncoast Credit score Union | Texoma Neighborhood Credit score Union | Thomaston Financial savings Financial institution |
| Time Financial institution | TowneBank | Ulster Financial savings Financial institution |
| College Credit score Union | Valley Sturdy Credit score Union | Westerra Credit score Union |
| Whitefish Credit score Union | Zing Credit score Union |
At the moment, Marquis says that there isn’t any proof that knowledge has been misused or printed anyplace.
Nevertheless, as beforehand reported by Comparitech, a now-deleted submitting by Neighborhood 1st credit score union claimed that Marquis paid a ransomm, which is completed to stop the leaking and abuse of stolen knowledge.
“Marquis paid a ransomware shortly after 08/14/25. On 10/27/25 C1st was notified that nonpublic private data associated to C1st members was included within the Marquis breach,” reads the deleted notification seen by Comparitech.
Whereas the corporate’s knowledge breach notifications state solely that it has “taken steps to cut back the chance of the sort of incident,” a submitting by CoVantage Credit score Union with the New Hampshire AG shares additional particulars about how the corporate is rising safety.
This notification states that Marquis has now enhanced its safety controls by doing the next:
- Making certain that each one firewall units are totally patched and updated,
- Rotating passwords for native accounts,
- Deleting previous or unused accounts,
- Making certain that multi-factor authentication is enabled for all firewall and digital personal community (“VPN”) accounts,
- Rising logging retention for firewall units, (
- Making use of account lock-out insurance policies on the VPN for too many failed logins,
- Making use of geo-IP filtering to solely enable connections from particular nations wanted for enterprise operations, and
- Making use of insurance policies to mechanically block connections to/from recognized Botnet Command and Management servers on the firewall.
These steps point out that the menace actors probably gained entry to the corporate community via a SonicWall VPN account, a recognized tactic utilized by some ransomware gangs, particularly Akira ransomware.
Focusing on SonicWall firewalls
Whereas Marquis has not shared any additional particulars concerning the ransomware assault, the Akira ransomware gang has been focusing on SonicWall firewalls to achieve preliminary entry to company networks since a minimum of early September 2024.
Akira began breaching SonicWall SSL VPN units in 2024 by exploiting the CVE-2024-40766 vulnerability, which allowed attackers to steal VPN usernames, passwords, and seeds to generate one-time passcodes.
Even after SonicWall patched the bug, many organizations did not correctly reset their VPN credentials, permitting Akira to proceed breaching patched units with beforehand stolen credentials.
A current report exhibits the group remains to be signing in to SonicWall VPN accounts even when MFA is enabled, suggesting the attackers stole OTP seeds through the earlier exploitation.
As soon as Akira will get in via the VPN, they transfer rapidly to scan the community, carry out reconnaissance, achieve elevated privileges within the Home windows Lively Listing, and steal knowledge earlier than deploying ransomware.
Damaged IAM is not simply an IT drawback – the affect ripples throughout your entire enterprise.
This sensible information covers why conventional IAM practices fail to maintain up with trendy calls for, examples of what “good” IAM seems like, and a easy guidelines for constructing a scalable technique.
