Mar 19
Marquis Software Solutions Data Breach Exposed Over 672,000 Individuals
Late last year, Texas-based financial technology provider Marquis Software Solutions revealed that it suffered a sophisticated ransomware attack in mid-August that compromised the sensitive data of customers across dozens of its bank and credit union clients. Now, the fintech firm has officially confirmed the staggering scope of the fallout, revealing that it is actively notifying 672,075 individuals to warn them that hackers have successfully exfiltrated their personal and financial information.
The compromised data encompasses a wide array of highly sensitive records, including full names, dates of birth, postal addresses, Social Security numbers, Taxpayer Identification Numbers, as well as bank account, debit, and credit card numbers. Marquis, which provides digital and physical marketing products alongside complex compliance software and services to more than 700 financial institutions, serves as a critical third-party vendor in the financial services sector, meaning the breach has triggered a massive downstream operational and regulatory crisis for at least 74 affected banks and credit unions.
Subsequent investigations into the breach concluded that an unauthorized third party, widely suspected by cybersecurity researchers to be the Akira ransomware syndicate, accessed the Marquis network through its SonicWall firewall infrastructure. However, the mechanics of the intrusion highlight a severe supply chain vulnerability rather than a direct brute-force attack on Marquis's primary defenses. According to recent disclosures, the threat actors did not breach the systems by exploiting an unpatched firewall vulnerability, but rather by utilizing sensitive information obtained from firewall configuration backup files.
These critical files were allegedly stolen months prior, during a separate, unauthorized intrusion into SonicWall's "MySonicWall" online customer portal in February 2025. The stolen backup configurations contained incredibly detailed blueprints of Marquis's security environment, including exposed credentials and unencrypted multi-factor authentication (MFA) scratch codes. By possessing these legitimate emergency bypass tools, the attackers were able to seamlessly circumvent Marquis's multi-factor authentication protocols, effectively turning secondary recovery paths into an open door for network reconnaissance and massive data exfiltration.
In response to the catastrophic breach and the resulting commercial fallout, Marquis escalated the situation last month by filing a comprehensive lawsuit against SonicWall in a Texas federal court. The litigation alleges that the cybersecurity vendor failed to exercise reasonable care in safeguarding its cloud backup services and actively misrepresented the true scope and severity of its own earlier breach. Marquis claims that SonicWall introduced an exploitable API vulnerability that allowed attackers to guess predictable device serial numbers and access customer backups without proper authentication.
Furthermore, the lawsuit accuses SonicWall of failing to encrypt uniquely sensitive elements within those backups, such as the MFA scratch codes that ultimately facilitated the ransomware deployment. Marquis is seeking damages for immense reputational and financial harm, citing premature contract terminations, withheld payments from furious clients, and the fact that the fintech is now defending itself against dozens of class-action lawsuits stemming from the August incident. As the legal battle unfolds, the Marquis breach stands as a sobering case study for the financial industry, underscoring the severe compounded risks associated with vendor reliance, the critical necessity of securing secondary authentication recovery paths, and the devastating ripple effects of supply chain compromises.
Executive IT Forums, Inc.
Educational Programs on Information Technology, Governance, Risk Management, & Compliance (GRC).
Copyright © 2026 Executive IT Forums, Inc. All Rights Reserved.