Over 70 US banks and credit unions affected by Marquis ransomware breach - here's what we know

1. Pro
2. Security

Over 70 US banks and credit unions affected by Marquis ransomware breach - here's what we know News By Sead Fadilpašić published 4 December 2025

Marquis was struck with ransomware

Comments (0) ()

When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

Image Credit: Pixabay (Image credit: Pixabay)

• Marquis Software Solutions hit by ransomware via SonicWall flaw, affecting 400,000+ customers across 74 banks/credit unions
• Stolen data includes names, SSNs, TINs, financial info, and birth dates; company allegedly paid ransom to prevent leaks
• Victims offered free identity theft protection; attack possibly linked to Akira ransomware exploiting CVE-2024-40766

American fintech company Marquis Software Solutions apparently suffered a ransomware attack and allegedly even paid the attackers not to let the stolen data leak onto the dark web.

Earlier this week, the company filed a new report with Attorney General offices across the states, including Maine, Iowa, and Texas, and reached out to affected clients to notify them about the incident.

As per the reports, the attack took place on August 14, 2025, when crooks broke in through a vulnerability in the SonicWall firewall.

You may like

• Ransomware hackers attack SMBs being acquired to try and gain access to multiple companies
• Akira ransomware is now targeting Nutanix VMs - and scoring big rewards
• Major data breach at dealership software firm exposes 766,000 clients - here's what we know

Catch the price drop- Get 30% OFF for Enterprise and Business plans

The Black Friday campaign offers 30% off for Enterprise and Business plans for a 1- or 2-year subscription. It’s valid until December 10th, 2025. Customers must enter the promo code BLACKB2B-30 at checkout to redeem the offer.

View Deal

Hundreds of thousands of victims

"The review determined that the files contained personal information received from certain business customers," the data breach notification reads. "The personal information potentially involved for Maine residents includes names, addresses, phone numbers, Social Security numbers, Taxpayer Identification Numbers, financial account information without security or access codes, and dates of birth."

Citing notifications filed in multiple US states, BleepingComputer says that more than 400,000 customers, with accounts in 74 banks and credit unions, were affected. At press time, no threat actors took responsibility for the attack, and the data was not published, or leaked, anywhere.

At one point, Community 1st credit union claimed the company paid the ransom demand in order to protect the stolen files:

"Marquis paid a ransomware shortly after 08/14/25. On 10/27/25 C1st was notified that nonpublic personal information related to C1st members was included in the Marquis breach," the notification, which was later deleted, allegedly stated. It was seen by Comparitech. Marquis has not commented on these allegations.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Contact me with news and offers from other Future brandsReceive email from us on behalf of our trusted partners or sponsorsBy submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.

The company is also offering the victims free identity theft and credit monitoring through Epiq Privacy Solutions ID.

While the identity of the attackers is unknown, there have been reports in the past of Akira ransomware abusing a bug in SonicWall SSL VPN devices to breach networks, deploy encryptors, and steal files. SonicWall fixed the vulnerability (now tracked as CVE-2024-40766) months ago, but it appears that not all organizations applied the fix on time.

Via BleepingComputer

The best antivirus for all budgetsOur top picks, based on real-world testing and comparisons

➡️ Read our full guide to the best antivirus1. Best overall:Bitdefender Total Security2. Best for families:Norton 360 with LifeLock3. Best for mobile:McAfee Mobile Security

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

Sead FadilpašićSocial Links Navigation

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.

Logout Read more Ransomware hackers attack SMBs being acquired to try and gain access to multiple companies    Akira ransomware is now targeting Nutanix VMs - and scoring big rewards    Major data breach at dealership software firm exposes 766,000 clients - here's what we know    This long-exposed SonicWall flaw is being used to infect organizations with Akira ransomware - so patch now    SitusAMC hack may have exposed data at major financial heavyweights    Nearly 180k records exposed in billing platform breach - here’s what we know    Latest in Security Customer data stolen in Freedom Mobile account management platform hack    This DDoS group just smashed the previous record with a 29.7 Tbps attack    Microsoft quietly patches LNK vulnerability that's been weaponized for years    UK cybercrime agency blocks nearly 1 billion access attempts to malicious websites    North Korean 'fake worker' scheme caught live on camera    Iranian hacker group deploys malicious Snake game to target Egyptian and Israeli critical infrastructure    Latest in News AWS Graviton5 is its most powerful and efficient CPU to date - and could mean big changes for your key cloud workloads    Roblox, FaceTime become the last targets of Russia's censorship    Marvel Rivals now has a gacha mini-game featuring a limited-time Psylocke bundle – here's how it works    YouTube to lock out under-16s in Australia as controversial social media ban looms    Forget Spotify Wrapped, get back into CDs with FiiO’s gorgeous new portable player    Sony announces partnership with Bad Robot Games to produce and publish a new four-player, co-op shooter from Left 4 Dead director    LATEST ARTICLES

1. 1Warhammer 40,000: Dawn of War 4 gets a new story trailer teasing the playable Dark Angels faction ahead of its 2026 launch
2. 2Over 70 US banks and credit unions affected by Marquis ransomware breach - here's what we know
3. 3Looking to supercharge your Raspberry Pi? This adapter provides two full-sized HDMI ports and a PCIe connector - and it only costs $10
4. 4This tiny white tower packs an RTX 5060 GPU and a Ryzen 9 8945HX CPU, but looks nothing like a mini PC
5. 5Bending Spoons continues its spree of buying famous tech brands with the Eventbrite deal