On Nov. 4, 2025, Anderson Bancshares Inc., the parent company of Anderson Brothers Bank, discovered that a data breach had compromised the personal information of thousands of its customers. The incident was traced to a third-party vendor, Marquis Software Solutions, which provides digital and physical marketing and communications services for the bank.
According to the company’s disclosure to the Maine Attorney General, an unauthorized party gained access to Marquis’ systems as early as Aug. 14, 2025, exposing sensitive customer information.
The breach did not involve Anderson Brothers Bank’s own internal systems. Instead, the unauthorized access occurred solely within Marquis’ environment. Marquis informed Anderson Bancshares Inc. of the incident on Oct. 28, 2025, after conducting an internal investigation. As a result, Anderson Bancshares Inc. only recently learned that their customer information may have been impacted.
The information exposed in this breach included names, dates of birth, Social Security numbers and financial account information.
In total, 3,272 individuals in the United States were affected by this breach, including one resident of Maine. The company began notifying affected consumers in writing on Dec. 5, 2025. For more details, the official breach notification is available on the Maine Attorney General’s data breach portal.
Anderson Bancshares' response
As a precaution, the company is offering one year of complimentary credit monitoring and ident
Source: https://www.claimdepot.com/data-breach/anderson-bank-2025
Anderson Brothers Bank cybersecurity rating report: https://www.rankiteo.com/company/anderson-brothers-bank
"id": "AND1765079748",
"linkid": "anderson-brothers-bank",
"type": "Breach",
"date": "11/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'incident': {'affected_entities': [{'customers_affected': '3272',
'industry': 'Financial Services',
'location': 'United States',
'name': 'Anderson Bancshares Inc. '
'(Anderson Brothers Bank)',
'size': None,
'type': 'Bank'},
{'customers_affected': None,
'industry': 'Digital and Physical '
'Marketing/Communications',
'location': None,
'name': 'Marquis Software Solutions',
'size': None,
'type': 'Third-Party Vendor'}],
'attack_vector': 'Third-Party Vendor Compromise',
'customer_advisories': 'One year of complimentary credit '
'monitoring and identity theft protection '
'services offered to affected customers',
'data_breach': {'data_encryption': None,
'data_exfiltration': None,
'file_types_exposed': None,
'number_of_records_exposed': '3272',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Names',
'Dates of Birth',
'Social Security '
'Numbers',
'Financial Account '
'Information']},
'date_detected': '2025-11-04',
'date_publicly_disclosed': '2025-12-05',
'description': 'Anderson Bancshares Inc., the parent company of '
'Anderson Brothers Bank, discovered a data breach '
'compromising the personal information of '
'thousands of customers due to unauthorized '
"access to a third-party vendor's systems, "
'Marquis Software Solutions.',
'impact': {'brand_reputation_impact': None,
'conversion_rate_impact': None,
'customer_complaints': None,
'data_compromised': 'Personal and financial '
'information',
'downtime': None,
'financial_loss': None,
'identity_theft_risk': 'High',
'legal_liabilities': None,
'operational_impact': None,
'payment_information_risk': 'High',
'revenue_loss': None,
'systems_affected': "Marquis Software Solutions' "
'systems'},
'initial_access_broker': {'backdoors_established': None,
'data_sold_on_dark_web': None,
'entry_point': None,
'high_value_targets': None,
'reconnaissance_period': None},
'investigation_status': 'Completed (Internal Investigation by '
'Marquis Software Solutions)',
'post_incident_analysis': {'corrective_actions': None,
'root_causes': 'Unauthorized access '
'to third-party vendor '
'systems'},
'ransomware': {'data_encryption': None,
'data_exfiltration': None,
'ransom_demanded': None,
'ransom_paid': None,
'ransomware_strain': None},
'references': [{'date_accessed': None,
'source': "Maine Attorney General's data breach "
'portal',
'url': None}],
'regulatory_compliance': {'fines_imposed': None,
'legal_actions': None,
'regulations_violated': None,
'regulatory_notifications': ['Maine '
'Attorney '
"General's "
'data '
'breach '
'portal']},
'response': {'adaptive_behavioral_waf': None,
'communication_strategy': 'Written notifications to '
'affected consumers',
'containment_measures': None,
'enhanced_monitoring': None,
'incident_response_plan_activated': None,
'law_enforcement_notified': None,
'network_segmentation': None,
'on_demand_scrubbing_services': None,
'recovery_measures': None,
'remediation_measures': None,
'third_party_assistance': None},
'threat_actor': 'Unauthorized Party',
'title': 'Anderson Bancshares Inc. Data Breach via Third-Party '
'Vendor',
'type': 'Data Breach'}}