Fintech marketing and analytics provider Marquis has begun notifying U.S. banks and credit unions of a ransomware breach in which attackers exploited a SonicWall firewall vulnerability and accessed sensitive customer information.
According to a filing with the Maine Attorney General, Marquis detected suspicious activity on August 14, 2025, and later confirmed that an intruder had penetrated its firewall, allowing unauthorized access to files stored on its internal systems.
The company said the attack stemmed from an exploit targeting its SonicWall appliance, enabling attackers to potentially exfiltrate multiple data sets belonging to current and former business clients.
Wide Range of Personal Information Potentially Exposed
A review of the breached files revealed the presence of highly sensitive personal identifiers, including:
full names
residential addresses
phone numbers
dates of birth
Social Security numbers
taxpayer identification numbers
limited financial account information
While Marquis stated there is no evidence so far that the stolen data has been misused, cybersecurity experts warn that such data sets are frequently leveraged for identity theft, account takeovers, synthetic fraud, and social engineering campaigns.
The company is issuing notifications on behalf of its impacted clients — a list that spans banks, credit unions, and financial institutions that relied on Marquis for marketing, analytics, and member engagement services.
Timeline Shows Attackers Had a Clear Opportunity Window
The intruder is believed to have accessed the systems on or around August 14, with forensic teams later confirming that certain files were likely acquired during the breach.
Ransomware groups commonly exfiltrate data prior to encryption, and while Marquis has not explicitly mentioned encryption attempts, the nature of the incident aligns with typical double-extortion ransomware tactics.
The company has not disclosed which ransomware group is responsible or whether a ransom demand was issued.
Financial Sector Faces Rising Vendor Risk Exposure
The incident highlights a growing concern in the U.S. financial services industry — the increasing vulnerability of third-party vendors handling sensitive customer data.
Supply-chain breaches targeting fintech service providers have surged over the past two years, enabling attackers to compromise multiple financial institutions through a single point of failure.
Cybersecurity analysts stress the need for:
continuous vendor-risk assessments
zero-trust network segmentation
hardened endpoint and firewall configurations
stronger incident-response protocols across the supply chain
“Ransomware actors are shifting toward multi-institution attacks by targeting shared service providers,” noted one analyst.
“That makes breaches like this disproportionately damaging and far harder for individual banks to contain.”
Marquis Responds With Notifications and Security Enhancements
Marquis said it is issuing notifications to impacted individuals and organizations “out of an abundance of caution” and is working with cybersecurity partners to strengthen its systems against future attacks.
The company added that it has implemented additional security measures, including infrastructure hardening and expanded monitoring, though specific details were not disclosed publicly.
With regulatory scrutiny intensifying across the U.S., the breach is expected to trigger further examination of security controls at third-party fintech vendors — particularly those handling high-value financial and identity data.
