Monetary software program supplier Marquis Software program Options is warning that it suffered an information breach that impacted dozens of banks and credit score unions throughout the US.
Marquis Software program Options offers information analytics, CRM instruments, compliance reporting, and digital advertising and marketing providers to over 700 banks, credit score unions, and mortgage lenders.
In information breach notifications filed with US Lawyer Normal places of work, Marquis says it suffered a ransomware assault on August 14, 2025, after its community was breached via its SonicWall firewall.
This allowed the hackers to steal “sure information from its techniques” through the assault.
“The assessment decided that the information contained private info obtained from sure enterprise clients,” reads a notification filed with Maine’s AG workplace.
“The private info doubtlessly concerned for Maine residents contains names, addresses, telephone numbers, Social Safety numbers, Taxpayer Identification Numbers, monetary account info with out safety or entry codes, and dates of start.”
Marquis is now submitting notifications on behalf of its clients, in some instances breaking down the variety of folks impacted per financial institution in a state. These notifications state that related information was uncovered within the assault for purchasers in different U.S. states.
In accordance with notifications filed in Maine, Iowa, and Texas, over 400,000 clients have been impacted from the next 74Â banks and credit score unions.
| 1st Northern California Credit score Union | Abbott Laboratories Workers Credit score Union | Benefit Federal Credit score Union |
| Agriculture Federal Credit score Union | Alltrust Credit score Union | BayFirst Nationwide Financial institution |
| Bellwether Group Credit score Union | C&N Financial institution | Cape Cod 5 |
| Capital Metropolis Financial institution Group | Central Virginia Federal Credit score Union | Clark County Credit score Union |
| Group 1st Credit score Union | Group Bancshares of Mississippi, Inc. | Cornerstone Group Monetary Credit score Union |
| CPM Federal Credit score Union | CSE Federal Credit score Union | CU Hawaii Federal Credit score Union |
| d/b/a Group Financial institution | Discovery Federal Credit score Union | Earthmover Credit score Union |
| Educators Credit score Union | Power Capital Credit score Union | Constancy Cooperative Financial institution |
| First Group Credit score Union | First Northern Financial institution of Dixon | Florida Credit score Union |
| Fort Group Credit score Union | Founders Federal Credit score Union | Freedom of Maryland Federal Credit score Union |
| Gateway First Financial institution | Generations Federal Credit score Union | Gesa Credit score Union |
| Glendale Federal Credit score Union | Hope Federal Credit score Union | IBERIABANK n/ok/a First Horizon Financial institution |
| Industrial Federal Credit score Union | Inside Federal | Inside Federal Credit score Union |
| Interra Credit score Union | Jonestown Financial institution & Belief Co. | Kemba Monetary Credit score Union |
| Liberty First Credit score Union | Maine State Credit score Union | Market USA FCU |
| MemberSource Credit score Union | Michigan First Credit score Union | MIT Federal Credit score Union |
| New Orleans Firemen’s Federal Credit score Union | New Peoples Financial institution | Newburyport 5 Cents Financial savings Financial institution |
| NIH Federal Credit score Union | Pasadena Federal Credit score Union | Pathways Monetary Credit score Union |
| Peake Federal Credit score Union | Pelican Credit score Union | Pentucket Financial institution |
| PFCU Credit score Union | QNB Financial institution | Safety Credit score Union |
| Seneca Financial savings | ServU Credit score Union | StonehamBank Cooperative |
| Suncoast Credit score Union | Texoma Group Credit score Union | Thomaston Financial savings Financial institution |
| Time Financial institution | TowneBank | Ulster Financial savings Financial institution |
| College Credit score Union | Valley Robust Credit score Union | Westerra Credit score Union |
| Whitefish Credit score Union | Zing Credit score Union | Â |
At the moment, Marquis says that there isn’t a proof that information has been misused or printed wherever.
Nevertheless, as beforehand reported by Comparitech, a now-deleted submitting by Group 1st credit score union claimed that Marquis paid a ransomm, which is finished to forestall the leaking and abuse of stolen information.
“Marquis paid a ransomware shortly after 08/14/25. On 10/27/25 C1st was notified that nonpublic private info associated to C1st members was included within the Marquis breach,” reads the deleted notification seen by Comparitech.
Whereas the corporate’s information breach notifications state solely that it has “taken steps to cut back the chance of this sort of incident,” a submitting by CoVantage Credit score Union with the New Hampshire AG shares additional particulars about how the corporate is growing safety.
This notification states that Marquis has now enhanced its safety controls by doing the next:
- Making certain that each one firewall gadgets are totally patched and updated,
- Rotating passwords for native accounts,
- Deleting previous or unused accounts,
- Making certain that multi-factor authentication is enabled for all firewall and digital non-public community (“VPN”) accounts,
- Growing logging retention for firewall gadgets, (
- Making use of account lock-out insurance policies on the VPN for too many failed logins,
- Making use of geo-IP filtering to solely permit connections from particular international locations wanted for enterprise operations, and
- Making use of insurance policies to routinely block connections to/from recognized Botnet Command and Management servers on the firewall.Â
These steps point out that the menace actors possible gained entry to the corporate community via a SonicWall VPN account, a recognized tactic utilized by some ransomware gangs, particularly Akira ransomware.
Focusing on SonicWall firewalls
Whereas Marquis has not shared any additional particulars in regards to the ransomware assault, the Akira ransomware gang has been concentrating on SonicWall firewalls to achieve preliminary entry to company networks since no less than early September 2024.
Akira began breaching SonicWall SSL VPN gadgets in 2024 by exploiting the CVE-2024-40766 vulnerability, which allowed attackers to steal VPN usernames, passwords, and seeds to generate one-time passcodes.
Even after SonicWall patched the bug, many organizations did not correctly reset their VPN credentials, permitting Akira to proceed breaching patched gadgets with beforehand stolen credentials.
A current report exhibits the group remains to be signing in to SonicWall VPN accounts even when MFA is enabled, suggesting the attackers stole OTP seeds through the earlier exploitation.
As soon as Akira will get in via the VPN, they transfer shortly to scan the community, carry out reconnaissance, acquire elevated privileges within the Home windows Lively Listing, and steal information earlier than deploying ransomware.
Damaged IAM is not simply an IT downside – the impression ripples throughout your complete enterprise.
This sensible information covers why conventional IAM practices fail to maintain up with fashionable calls for, examples of what “good” IAM appears like, and a easy guidelines for constructing a scalable technique.
