A ransomware attack on fintech firm Marquis has exposed the personal and financial data of at least 400,000 banking customers across dozens of U.S. banks and credit unions. The August breach, only now being disclosed through state filings, represents one of the year's most significant financial sector cyberattacks, with stolen data including Social Security numbers, bank accounts, and credit card information.
The financial services sector just got hit with another devastating blow. Texas-based fintech company Marquis is scrambling to notify dozens of U.S. banks and credit unions that their customer data was stolen in what's shaping up to be one of 2024's most damaging ransomware attacks.
The breach, which occurred on August 14, has already confirmed at least 400,000 victims across Iowa, Maine, Texas, Massachusetts, and New Hampshire - and that number is climbing as more state disclosures roll in. Marquis serves as a critical backend provider for over 700 banking and credit union customers, giving the company access to vast troves of consumer financial data.
Texas bore the brunt of the attack, with 354,000 state residents having their data compromised. But the geographic spread tells a more troubling story - this isn't just a regional incident. According to Maine's attorney general disclosure, Maine State Credit Union customers alone accounted for roughly one in nine affected residents in that state.
What makes this breach particularly concerning is the scope of stolen data. The hackers didn't just grab email addresses - they walked away with the crown jewels of personal finance. Customer names, dates of birth, postal addresses, bank account numbers, debit and credit card information, and Social Security numbers were all compromised. It's essentially a complete identity theft starter pack for hundreds of thousands of Americans.
The attack vector reveals how sophisticated threat actors have become at exploiting enterprise infrastructure. Marquis confirmed that hackers exploited a zero-day vulnerability in its SonicWall firewall - a flaw that wasn't known to SonicWall or its customers before being weaponized. This type of attack represents every CISO's nightmare scenario: being hit by something you literally couldn't have prepared for.
While Marquis hasn't officially attributed the attack to any specific group, the timing and tactics point strongly toward the Akira ransomware gang. TechCrunch previously reported that Akira was behind a wave of attacks targeting SonicWall customers during the exact timeframe of the Marquis breach.
