Marquis Software Solutions has announced a data breach affecting multiple banks and credit unions in the US. Marquis Software Solutions offers data analytics, CRM tools, compliance reporting, and digital marketing to more than 700 banks, credit unions, and mortgage lenders.
In notifications to US Attorney General offices, Marquis reported a ransomware attack on August 14, 2025, during which the hackers stole “certain files from its systems.”
“The review determined that the files contained personal information received from certain business customers,” reads a notification filed with Maine’s AG office.
“The personal information potentially involved for Maine residents includes names, addresses, phone numbers, Social Security numbers, Taxpayer Identification Numbers, financial account information without security or access codes, and dates of birth.”
Marquis is filing notifications for its customers, detailing how many people were affected per bank in each state. These alerts indicate that similar data was compromised for customers in other states as well.
According to the filings, over 400,000 customers of 74 banks and credit unions in Maine, Iowa, and Texas have been affected. Marquis states that there is currently no evidence of data misuse or publication.
A deleted filing by Community 1st Credit Union mentioned that Marquis paid a ransom to prevent the misuse of stolen data, as previously reported by Comparitech.
“Marquis paid a ransomware shortly after 08/14/25. On 10/27/25 C1st was notified that nonpublic personal information related to C1st members was included in the Marquis breach,” reads the deleted notification seen by Comparitech.

While the company’s data breach notifications state only that it has “taken steps to reduce the risk of this type of incident,” a filing by CoVantage Credit Union with the New Hampshire AG shares further details about how the company is increasing security.
This notification states that Marquis has now enhanced its security controls by doing the following:
Ensuring that all firewall devices are fully patched and up to date,
Rotating passwords for local accounts,
Deleting old or unused accounts,
Ensuring that multi-factor authentication is enabled for all firewall and virtual private network (“VPN”) accounts,
Increasing logging retention for firewall devices,
Applying account lock-out policies at the VPN for too many failed logins,
Applying geo-IP filtering to only allow connections from specific countries needed for business operations, and
Applying policies to automatically block connections to/from known Botnet Command and Control servers at the firewall.
These steps indicate that the threat actors likely gained access to the company network through a SonicWall VPN account, a known tactic used by some ransomware gangs, especially Akira ransomware.
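Several of the listed controls (VPN lock-out, geo-IP filtering, MFA on VPN accounts, removal of unused accounts) can be checked against VPN authentication logs. The following is an added example, not code from Marquis or from the filing; the event format, thresholds, country allow-list and account names are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed policy values (not from the filing); tune them to your environment.
ALLOWED_COUNTRIES = {"US"}
MAX_FAILURES = 5                        # lock out at this many failures...
FAILURE_WINDOW = timedelta(minutes=10)  # ...inside this sliding window
STALE_AFTER = timedelta(days=90)        # "old or unused" threshold

# Constructed sample events: (time, account, source country, result, MFA used).
# "ZZ" stands in for any country outside the allow-list.
EVENTS = [
    ("2025-01-15T08:00:00", "old_vendor", "US", "success", True),
    ("2025-05-29T09:00:00", "jsmith", "US", "success", True),
    *[(f"2025-05-30T02:0{i}:00", "jsmith", "US", "fail", False) for i in range(5)],
    ("2025-05-30T03:00:00", "svc_backup", "US", "success", False),
    ("2025-05-31T04:00:00", "adavis", "ZZ", "success", True),
    ("2025-05-31T09:00:00", "adavis", "US", "success", True),
]

def audit(events, now):
    """Map each finding to the sorted list of accounts that triggered it."""
    findings = defaultdict(set)
    failures = defaultdict(list)
    last_success = {}
    for ts, user, country, result, mfa in sorted(events):
        when = datetime.fromisoformat(ts)
        if country not in ALLOWED_COUNTRIES:
            findings["geo_block"].add(user)  # geo-IP filter would drop this
            continue
        if result == "fail":
            # Keep only failures still inside the sliding window.
            failures[user] = [f for f in failures[user]
                              if when - f <= FAILURE_WINDOW] + [when]
            if len(failures[user]) >= MAX_FAILURES:
                findings["lockout"].add(user)
        else:
            last_success[user] = when
            failures[user].clear()  # a good login resets the counter
            if not mfa:
                findings["no_mfa"].add(user)
    for user in {e[1] for e in events}:
        if now - last_success.get(user, datetime.min) > STALE_AFTER:
            findings["stale"].add(user)
    return {name: sorted(users) for name, users in findings.items()}

if __name__ == "__main__":
    for name, users in audit(EVENTS, datetime(2025, 6, 1)).items():
        print(name, users)
```

Each finding corresponds to one control in the list: "lockout" to the failed-login policy, "geo_block" to geo-IP filtering, "no_mfa" to the MFA requirement, and "stale" to the removal of old or unused accounts.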
