According to Techcrunch
The fintech company Marquis is warning dozens of US banks and credit unions about a data breach affecting their clients as a result of a cyberattack that occurred earlier this year.
Security changes became public this week after Marquis filed data breach notices in several states, confirming the August 14 incident as a ransomware attack.
Marquis, based in Texas, provides banks and other financial institutions with tools to collect and visualize all of their clients’ data in one place. According to the company, its client base consists of more than 700 clients among banks and credit unions, giving Marquis access to substantial volumes of consumer banking data nationwide.
At least 400,000 people are currently confirmed as victims of the breach, as evidenced by legal notices in Iowa, Maine, Texas, Massachusetts, and New Hampshire that TechCrunch has reviewed.
In Texas, the highest number of victims has been recorded – at least 354,000 people.
In its filing to Maine’s attorney general, Marquis noted that Maine State Credit Union’s clients constitute the majority of data breach notices or about one-tenth of known victims in this state.
The number of people affected by the breach is expected to rise as new notices come in from other states.
Marquis says that attackers stole clients’ names, dates of birth, postal addresses, and financial information, including bank account numbers, and debit and credit card numbers. Client Social Security numbers were
Source: https://mezha.net/eng/bukvy/marquis-fintech-data-breach-affects-over-400-000-us-bank-customers/
Marquis Data cybersecurity rating report: https://www.rankiteo.com/company/marquis-data
"id": "MAR1764797453",
"linkid": "marquis-data",
"type": "Ransomware",
"date": "8/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': '400,000+',
'industry': 'Financial Services',
'location': 'Texas, USA',
'name': 'Marquis',
'size': '700+ clients (banks and credit '
'unions)',
'type': 'Fintech Company'},
{'customers_affected': '~40,000 (one-tenth '
'of known victims '
'in Maine)',
'industry': 'Financial Services',
'location': 'Maine, USA',
'name': 'Maine State Credit Union',
'size': None,
'type': 'Credit Union'}],
'customer_advisories': 'Data breach notices issued to affected '
'clients',
'data_breach': {'data_encryption': None,
'data_exfiltration': 'Yes',
'file_types_exposed': None,
'number_of_records_exposed': '400,000+',
'personally_identifiable_information': 'Names, '
'dates of '
'birth, '
'postal '
'addresses, '
'Social '
'Security '
'numbers',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personal '
'Identifiable '
'Information (PII)',
'Financial '
'Information']},
'date_detected': '2023-08-14',
'description': 'Marquis, a fintech company providing data '
'aggregation tools to banks and credit unions, '
'suffered a ransomware attack on August 14, '
'resulting in a data breach affecting hundreds of '
'thousands of clients. Attackers stole sensitive '
'financial and personal information, including '
'names, dates of birth, postal addresses, bank '
'account numbers, and debit/credit card numbers. '
'Social Security numbers may also have been '
'compromised.',
'impact': {'brand_reputation_impact': None,
'conversion_rate_impact': None,
'customer_complaints': None,
'data_compromised': 'Names, dates of birth, postal '
'addresses, bank account numbers, '
'debit/credit card numbers, '
'Social Security numbers',
'downtime': None,
'financial_loss': None,
'identity_theft_risk': 'High',
'legal_liabilities': None,
'operational_impact': None,
'payment_information_risk': 'High',
'revenue_loss': None,
'systems_affected': None},
'initial_access_broker': {'backdoors_established': None,
'data_sold_on_dark_web': None,
'entry_point': None,
'high_value_targets': None,
'reconnaissance_period': None},
'post_incident_analysis': {'corrective_actions': None,
'root_causes': None},
'ransomware': {'data_encryption': None,
'data_exfiltration': 'Yes',
'ransom_demanded': None,
'ransom_paid': None,
'ransomware_strain': None},
'references': [{'date_accessed': None,
'source': 'TechCrunch',
'url': None}],
'regulatory_compliance': {'fines_imposed': None,
'legal_actions': None,
'regulations_violated': None,
'regulatory_notifications': 'Data '
'breach '
'notices '
'filed in '
'Iowa, '
'Maine, '
'Texas, '
'Massachusetts, '
'and New '
'Hampshire'},
'response': {'adaptive_behavioral_waf': None,
'communication_strategy': 'Data breach notices '
'filed in multiple states',
'containment_measures': None,
'enhanced_monitoring': None,
'incident_response_plan_activated': None,
'law_enforcement_notified': None,
'network_segmentation': None,
'on_demand_scrubbing_services': None,
'recovery_measures': None,
'remediation_measures': None,
'third_party_assistance': None},
'title': 'Marquis Data Breach Affecting US Banks and Credit '
'Unions',
'type': 'Ransomware'}