On Aug. 14, 2025, BayFirst Financial Corp. learned that a third-party marketing provider, Marquis Software Solutions Inc., experienced a cybersecurity incident resulting in unauthorized access to sensitive customer data. The data breach exposed personally identifiable information (PII) of thousands of banking customers, including individuals banking with BayFirst.
Marquis, which provides digital and physical marketing services for BayFirst and other financial institutions, detected suspicious activity on its network and determined it was the victim of a ransomware attack. The attack exploited Marquis’ SonicWall firewall, allowing an unauthorized party to access and potentially acquire files from its systems.
After launching an investigation with cybersecurity experts and notifying law enforcement, Marquis reviewed the compromised files and found that personal information from several business customers, including BayFirst, was included.
For BayFirst customers, the Marquis Software Solutions data breach exposed names, dates of birth, Social Security or tax identification numbers, and financial information. According to the Maine Attorney General’s data breach notification, two Maine residents were affected, but the total number of individuals impacted nationwide has not been specified.
BayFirst's response
Upon learning of the breach, BayFirst worked closely with Marquis to assess the scope of the incident and understand the potential impact on its customers. Marquis immed
Source: https://www.claimdepot.com/data-breach/bayfirst-financial-2025
BayFirst cybersecurity rating report: https://www.rankiteo.com/company/bayfirstbank
"id": "BAY1764794190",
"linkid": "bayfirstbank",
"type": "Ransomware",
"date": "12/2025",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'incident': {'affected_entities': [{'customers_affected': 'Thousands (exact '
'number '
'unspecified)',
'industry': 'Banking',
'location': None,
'name': 'BayFirst Financial Corp.',
'size': None,
'type': 'Financial Institution'},
{'customers_affected': None,
'industry': 'Software/Marketing',
'location': None,
'name': 'Marquis Software Solutions Inc.',
'size': None,
'type': 'Third-Party Marketing Provider'}],
'attack_vector': 'Exploited vulnerability in SonicWall firewall',
'customer_advisories': 'Notification to affected customers',
'data_breach': {'data_encryption': None,
'data_exfiltration': 'Potential',
'file_types_exposed': None,
'number_of_records_exposed': None,
'personally_identifiable_information': 'Names, '
'dates of '
'birth, '
'Social '
'Security '
'or tax '
'identification '
'numbers, '
'financial '
'information',
'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Personally '
'identifiable '
'information (PII), '
'financial '
'information'},
'date_detected': '2025-08-14',
'description': 'BayFirst Financial Corp. learned that a '
'third-party marketing provider, Marquis Software '
'Solutions Inc., experienced a cybersecurity '
'incident resulting in unauthorized access to '
'sensitive customer data. The breach exposed '
'personally identifiable information (PII) of '
'thousands of banking customers, including '
'individuals banking with BayFirst. The attack '
'exploited Marquis’ SonicWall firewall, allowing '
'an unauthorized party to access and potentially '
'acquire files containing personal information '
'from several business customers, including '
'BayFirst.',
'impact': {'brand_reputation_impact': 'Potential reputational '
'damage to BayFirst '
'Financial Corp. and '
'Marquis Software '
'Solutions Inc.',
'conversion_rate_impact': None,
'customer_complaints': None,
'data_compromised': 'Personally identifiable '
'information (PII), financial '
'information',
'downtime': None,
'financial_loss': None,
'identity_theft_risk': 'High',
'legal_liabilities': None,
'operational_impact': None,
'payment_information_risk': 'High',
'revenue_loss': None,
'systems_affected': 'Marquis Software Solutions Inc. '
'network'},
'initial_access_broker': {'backdoors_established': None,
'data_sold_on_dark_web': None,
'entry_point': 'SonicWall firewall '
'vulnerability',
'high_value_targets': None,
'reconnaissance_period': None},
'investigation_status': 'Ongoing',
'post_incident_analysis': {'corrective_actions': None,
'root_causes': 'Exploited '
'vulnerability in '
'SonicWall firewall'},
'ransomware': {'data_encryption': None,
'data_exfiltration': 'Potential',
'ransom_demanded': None,
'ransom_paid': None,
'ransomware_strain': None},
'references': [{'date_accessed': None,
'source': 'Maine Attorney General’s data breach '
'notification',
'url': None}],
'regulatory_compliance': {'fines_imposed': None,
'legal_actions': None,
'regulations_violated': None,
'regulatory_notifications': 'Maine '
'Attorney '
'General’s '
'data '
'breach '
'notification'},
'response': {'adaptive_behavioral_waf': None,
'communication_strategy': 'Notification to affected '
'customers, disclosure '
'via Maine Attorney '
'General’s office',
'containment_measures': None,
'enhanced_monitoring': None,
'incident_response_plan_activated': 'Yes',
'law_enforcement_notified': 'Yes',
'network_segmentation': None,
'on_demand_scrubbing_services': None,
'recovery_measures': None,
'remediation_measures': None,
'third_party_assistance': 'Cybersecurity experts'},
'title': 'BayFirst Financial Corp. Third-Party Data Breach via '
'Marquis Software Solutions',
'type': 'Data Breach',
'vulnerability_exploited': 'SonicWall firewall vulnerability'}}