Two more banks notifying thousands of victims about Marquis Software ransomware attack
Monday, December 29, 2025
What
Marquis Software, a financial software company providing data analytics and marketing tools, suffered a ransomware attack around August 14, 2023. The attackers exploited a vulnerability in the company's SonicWall firewall device to gain unauthorized access, leading to the theft of sensitive personal information belonging to customers of its client banks and credit unions. This incident constitutes a significant supply chain attack, as the breach at Marquis Software subsequently impacted dozens of its corporate customers, including Artisans' Bank and VeraBank, who had entrusted customer data to the vendor.
Where
The incident primarily affected Marquis Software, a U.S.-based financial software company, and at least 74 of its client financial institutions across the United States. Specifically named are Artisans' Bank (Delaware-based), VeraBank (Texas-based), and Community 1st Credit Union (Iowa-based), with breach notifications filed in states including Maine, South Carolina, Washington, and Iowa.
When
The ransomware attack on Marquis Software occurred around August 14, 2023, and was discovered by the company in August. Marquis Software began notifying affected financial institutions between October 27 and November 25, leading to subsequent public disclosures by banks like Artisans' Bank and VeraBank in October and November.
Key Factors
- The incident represents a significant supply chain attack, where a breach at a third-party vendor, Marquis Software, directly compromised the data of numerous downstream financial institutions and their customers, despite the banks' own systems remaining unbreached.
- Attackers gained initial access by exploiting a vulnerability in Marquis Software's SonicWall firewall device, highlighting the critical importance of securing network perimeter devices against known weaknesses.
- The stolen personal information is extensive, including names, addresses, phone numbers, Social Security numbers, taxpayer identification numbers, financial account information (without security or access codes), and dates of birth, affecting an estimated 788,000 to 1.35 million individuals.
- Iowa-based Community 1st Credit Union reportedly paid a ransom to the attackers, as indicated in a since-deleted breach notification letter, although Marquis Software has not confirmed the payment.
Takeaways
- Financial institutions must conduct rigorous due diligence and continuous monitoring of their third-party vendors to mitigate supply chain risks and ensure robust data security practices are in place.
- This incident underscores the pervasive threat of ransomware and the critical need for organizations to promptly patch vulnerabilities in network infrastructure, especially firewall devices, to prevent initial access by threat actors.
- Individuals affected by such breaches should remain vigilant for signs of identity theft, monitor their financial accounts and credit reports, and consider placing fraud alerts or credit freezes.
Source: The Record