The breach likely linked to the Akira ransomware gang that was targeting SonicWall customers during that timeframe
A ransomware attack on fintech firm Marquis has exposed the personal and financial data of at least 400,000 banking customers across dozens of U.S. banks and credit unions. The August breach, only now being disclosed through state filings, represents one of the year's most significant financial sector cyberattacks, with stolen data including Social Security numbers, bank accounts, and credit card information.
The financial services sector just got hit with another devastating blow. Texas-based fintech company Marquis is scrambling to notify dozens of U.S. banks and credit unions that their customer data was stolen in what's shaping up to be one of 2024's most damaging ransomware attacks.
The breach, which occurred on August 14, has already confirmed at least 400,000 victims across Iowa, Maine, Texas, Massachusetts, and New Hampshire - and that number is climbing as more state disclosures roll in. Marquis serves as a critical backend provider for over 700 banking and credit union customers, giving the company access to vast troves of consumer financial data.
Texas bore the brunt of the attack, with 354,000 state residents having their data compromised. But the geographic spread tells a more troubling story - this isn't just a regional incident. According to Maine's attorney general disclosure, Maine State Credit Union customers alone accounted for roughly one
Source: https://www.techbuzz.ai/articles/marquis-ransomware-attack-hits-400k-bank-customers
Marquis cybersecurity rating report: https://www.rankiteo.com/company/marquis-software-solutions
"id": "MAR1764814193",
"linkid": "marquis-software-solutions",
"type": "Ransomware",
"date": "8/2024",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': '400,000+ (and '
'growing)',
'industry': 'Financial Services',
'location': 'Texas, USA',
'name': 'Marquis (primary victim)',
'size': None,
'type': 'Fintech Company'},
{'customers_affected': None,
'industry': 'Banking',
'location': ['Iowa',
'Maine',
'Texas',
'Massachusetts',
'New Hampshire'],
'name': 'Dozens of U.S. banks and credit '
'unions (secondary victims)',
'size': None,
'type': 'Financial Institutions'},
{'customers_affected': None,
'industry': 'Financial Services',
'location': 'Maine, USA',
'name': 'Maine State Credit Union',
'size': None,
'type': 'Credit Union'}],
'customer_advisories': 'Pending (via partner institutions)',
'data_breach': {'data_encryption': None,
'data_exfiltration': 'Confirmed',
'file_types_exposed': None,
'number_of_records_exposed': '400,000+',
'personally_identifiable_information': 'Yes '
'(Social '
'Security '
'numbers, '
'financial '
'records)',
'sensitivity_of_data': 'High (SSNs, bank '
'accounts, credit cards)',
'type_of_data_compromised': ['Personally '
'Identifiable '
'Information (PII)',
'Financial Data']},
'date_detected': '2024-08-14',
'description': 'A ransomware attack on Texas-based fintech firm '
'Marquis exposed the personal and financial data '
'of at least 400,000 banking customers across '
'dozens of U.S. banks and credit unions. The '
'breach, linked to the Akira ransomware gang, '
'occurred on August 14, 2024, and included stolen '
'data such as Social Security numbers, bank '
'accounts, and credit card information. The '
'attack is considered one of the most significant '
'financial sector cyber incidents of 2024, with '
'Texas being the hardest hit (354,000 victims).',
'impact': {'brand_reputation_impact': 'High (trust erosion in '
'financial sector, media '
'coverage)',
'conversion_rate_impact': None,
'customer_complaints': None,
'data_compromised': ['Social Security numbers',
'Bank account details',
'Credit card information',
'Personally identifiable '
'information (PII)'],
'downtime': None,
'financial_loss': None,
'identity_theft_risk': 'High (SSNs and financial data '
'exposed)',
'legal_liabilities': 'Potential (regulatory fines, '
'lawsuits from affected '
'individuals/institutions)',
'operational_impact': 'Significant (ongoing '
'notifications, reputational '
'damage, regulatory scrutiny)',
'payment_information_risk': 'High (credit card and '
'bank account details '
'compromised)',
'revenue_loss': None,
'systems_affected': None},
'initial_access_broker': {'backdoors_established': None,
'data_sold_on_dark_web': None,
'entry_point': None,
'high_value_targets': 'Financial data '
'of 700+ '
'banking/credit '
'union customers',
'reconnaissance_period': None},
'investigation_status': 'Ongoing (state disclosures in progress)',
'motivation': 'Financial gain (data theft and likely ransom '
'demand)',
'post_incident_analysis': {'corrective_actions': None,
'root_causes': None},
'ransomware': {'data_encryption': None,
'data_exfiltration': 'Confirmed',
'ransom_demanded': None,
'ransom_paid': None,
'ransomware_strain': 'Akira (suspected)'},
'references': [{'date_accessed': None,
'source': 'State regulatory filings (e.g., Maine '
'Attorney General)',
'url': None},
{'date_accessed': None,
'source': 'Media reports on Akira ransomware '
'targeting SonicWall customers',
'url': None}],
'regulatory_compliance': {'fines_imposed': None,
'legal_actions': 'Potential (pending '
'investigations)',
'regulations_violated': None,
'regulatory_notifications': 'Ongoing '
'(state-level '
'disclosures, '
'e.g., '
'Maine, '
'Texas)'},
'response': {'adaptive_behavioral_waf': None,
'communication_strategy': 'State-level disclosures '
'(e.g., Maine Attorney '
'General)',
'containment_measures': None,
'enhanced_monitoring': None,
'incident_response_plan_activated': 'Likely '
'(notifications '
'in progress)',
'law_enforcement_notified': None,
'network_segmentation': None,
'on_demand_scrubbing_services': None,
'recovery_measures': 'Ongoing customer '
'notifications via state '
'filings',
'remediation_measures': None,
'third_party_assistance': None},
'stakeholder_advisories': 'Notifications to affected '
'banks/credit unions',
'threat_actor': 'Akira ransomware gang (suspected)',
'title': 'Ransomware Attack on Fintech Firm Marquis Exposes Data '
'of 400,000+ Banking Customers',
'type': 'Ransomware Attack / Data Breach'}