Marquis, a Texas-based provider of digital marketing, data analytics, compliance, and CRM services to over 700 U.S. financial institutions, has disclosed a significant ransomware attack. The August 2025 incident compromised the personal and financial data of 672,075 individuals and caused operational disruptions at 74 banks nationwide. According to data breach notifications filed with state Attorneys General, threat actors initially gained access to the company's network by exploiting a vulnerability in a SonicWall firewall on August 14th.
Following the network breach, the attackers exfiltrated a vast trove of sensitive information. The stolen data includes affected individuals' full names, dates of birth, physical addresses, phone numbers, Social Security Numbers (SSNs), Taxpayer Identification Numbers (TINs), and detailed financial account information. Notably, the company stated that the stolen financial data did not include security or access codes. Marquis has emphasized that the security incident was contained within its own systems and did not directly impact the internal networks of its banking and credit union clients.
The disclosure highlights the cascading risks posed by third-party service providers in the financial sector, often referred to as supply-chain attacks. While Marquis's direct customer systems were not breached, the compromise of its centralized data and service platforms had an immediate downstream effect, disrupting critical services for dozens of banks. The company and its affected banking clients undertook a lengthy validation process, concluding on December 10, 2025, to identify precisely which individuals' data was exposed before issuing formal notifications.
This incident occurs amidst a flurry of other critical cybersecurity developments. Recently, ConnectWise patched a severe flaw in its ScreenConnect remote access software that could allow complete system hijacking. Simultaneously, a new iOS exploit dubbed "Darksword" has been deployed in infostealer campaigns targeting iPhones. In response to ongoing threats, Apple has released its first-ever rapid security update for macOS to address a critical WebKit vulnerability, and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has mandated federal agencies to patch an actively exploited cross-site scripting (XSS) flaw in Zimbra collaboration software. The Marquis breach serves as a stark reminder of the interconnected threat landscape where a single point of failure can have widespread consequences.
