Mar 19, 2026
One Vendor Got Hacked and 80 Banks Lost Your Data
A ransomware attack on fintech firm Marquis exposed Social Security numbers and bank accounts from over 780,000 customers across dozens of financial institutions.
The Breach Nobody Saw Coming
On August 14, 2025, ransomware attackers hit Marquis Software Solutions, a Texas-based fintech firm that provides marketing, analytics, and compliance tools to over 700 banks and credit unions across the United States. The attackers exploited a known vulnerability in Marquis's SonicWall firewall, bypassed multifactor authentication, and copied files containing some of the most sensitive data a financial institution can hold.
Seven months later, the toll is still growing. Regulatory filings as of March 18, 2026, show at least 780,000 people affected across more than 80 banks and credit unions. Some estimates put the number above 1.3 million.
What Was Stolen
The stolen data reads like a checklist for identity theft:
- Social Security numbers
- Taxpayer Identification Numbers
- Bank account numbers
- Debit and credit card numbers
- Names, addresses, phone numbers, and dates of birth
This is not the kind of breach where attackers get email addresses and hashed passwords. This is complete financial identity data—the kind that enables account takeover, fraudulent loans, and tax refund theft for years after the initial exposure.
The Blame Chain
What makes this breach unusual is the public finger-pointing between vendors. Marquis did not just disclose the breach—it sued its firewall provider, SonicWall, in federal court.
According to the lawsuit, SonicWall introduced an API change in February 2025 that created a vulnerability allowing attackers to access customer firewall configuration backups without proper authentication. Marquis alleges that SonicWall itself suffered a data breach that exposed critical security information about its customers' firewalls, giving attackers the credentials they needed to launch the ransomware attack.
The attack chain illustrates a cascading third-party risk problem: a security vendor (SonicWall) introduced a flaw, which was exploited to breach a fintech vendor (Marquis), which in turn exposed the sensitive data of customers of the 80+ banks that trusted Marquis with their information.
Why Your Bank Could Not Protect You
Several affected banks did not initially know what types of data Marquis held on their behalf. Bank employees had been entering customer information directly into Marquis's platform for CRM workflows, marketing campaigns, and compliance reporting. When the breach happened, some institutions had to work backward to figure out which of their customers were exposed.
As cybersecurity firm SBS noted in its analysis: "Annual questionnaires alone do not confirm whether firewalls are patched, VPN accounts are secured, or unused credentials have been removed." The financial industry's standard approach to vendor risk management—sending a compliance questionnaire once a year—was not designed for this kind of threat.
What You Should Do
If you bank with a community bank or credit union in the United States, you may be affected even if you have not received a notification letter. The breach impacted institutions across multiple states, with the largest concentrations in Texas (354,289 people) and Washington (269,773 people).
- Freeze your credit with all three bureaus (Equifax, Experian, TransUnion). This is free and prevents anyone from opening new accounts in your name.
- Monitor your bank statements for unauthorized transactions, especially small test charges.
- File your taxes early to prevent fraudulent refund claims using your stolen SSN.
- Check for notification letters from Marquis or your bank, which may include complimentary credit monitoring through Epiq.
The exposed data will circulate in criminal markets for years. A credit freeze remains the single most effective defense against identity theft from breaches like this one.