
Marquis: Ransomware gang stole data of 672K people in cyberattack

Why This Matters

The Marquis ransomware attack highlights ongoing cybersecurity vulnerabilities in financial services, exposing sensitive personal and financial data of over 670,000 individuals. This incident underscores the importance of robust security measures and rapid response strategies to protect consumer data and maintain trust in the digital economy. As cyber threats evolve, both companies and consumers must prioritize cybersecurity awareness and resilience.

Key Takeaways

Marquis, a Texas-based financial services provider, revealed this week that a ransomware gang stole the data of over 670,000 individuals in an August 2025 cyberattack that also disrupted operations at 74 banks across the United States.

The company provides digital marketing, data analytics, compliance, and CRM services to more than 700 banks, credit unions, and mortgage lenders across the United States.

In data breach notifications filed with U.S. Attorney General offices in early December, Marquis said it suffered a ransomware attack on August 14, 2025, after the threat actors compromised a SonicWall firewall.

After breaching its network, the attackers stole a wide range of personal and financial information, including affected individuals' names, dates of birth, addresses, phone numbers, Social Security numbers, Taxpayer Identification Numbers, and financial account information without security or access codes.

"The incident was limited to Marquis’s systems and did not affect our customer’s systems," the fintech company said in data breach notification letters sent to 672,075 affected people this week.

"Our customer reviewed the affected files on December 10, 2025, and afterwards worked to validate and identify individuals whose information may have been affected by the incident, and our customer worked as quickly as possible to obtain individuals’ most recent mailing address information."

In January, Marquis blamed the ransomware attack on a security breach disclosed by SonicWall on September 17, when the company warned customers to reset their MySonicWall account credentials.

Marquis January statement (BleepingComputer)

At the time, SonicWall said the incident affected only about 5% of its firewall customers using its cloud backup service and warned that the attackers could extract access credentials and tokens, which would make it "significantly easier" to compromise affected customers' firewalls.

A Mandiant investigation into the September attack also found evidence linking the incident to a state-sponsored hacking group.
