Hackers stole the personal and financial information of more than 780,000 individuals after hacking into the network of fintech firm Marquis.
The incident was discovered on August 14, but the investigation into the stolen information took until the end of October to complete.
Last week, Marquis started sending written notification letters to the affected individuals and filed data breach notices with Attorney General’s Offices in several US states.
“Our investigation determined that an unauthorized third party accessed our network and may have accessed and acquired certain files from our systems,” the notification letter filed with the Maine AGO reads.
According to Marquis, the hackers stole personal information such as names, addresses, Social Security numbers, dates of birth, and taxpayer identification numbers.
Additionally, they compromised financial information, including account numbers and credit/debit card numbers.
“At this time, we have no evidence of the misuse, or attempted misuse, of personal information as a result of this incident,” the notification letter reads.
Based on filings with Iowa, Maine, Massachusetts, New Hampshire, South Carolina, Texas, and Washington authorities, roughly 788,000 individuals have been affected by the Marquis data breach.
Advertisement. Scroll to continue reading.
Marquis is providing them with free credit monitoring and identity protection services for one or two years.
The company says the hackers gained access to its env
Source: https://www.securityweek.com/marquis-data-breach-impacts-over-780000-people/
TPRM report: https://www.rankiteo.com/company/marquis-inc
"id": "mar1764849321",
"linkid": "marquis-inc",
"type": "Breach",
"date": "08/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': '788000',
'industry': 'Financial Services',
'location': 'United States',
'name': 'Marquis',
'size': None,
'type': 'Fintech Firm'}],
'attack_vector': 'Unauthorized network access',
'customer_advisories': 'Written notification letters sent to '
'affected individuals',
'data_breach': {'data_encryption': None,
'data_exfiltration': 'Yes',
'file_types_exposed': None,
'number_of_records_exposed': '788000',
'personally_identifiable_information': ['Names',
'Addresses',
'Social '
'Security '
'numbers',
'Dates '
'of '
'birth',
'Taxpayer '
'identification '
'numbers',
'Account '
'numbers',
'Credit/debit '
'card '
'numbers'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personal '
'information',
'Financial '
'information']},
'date_detected': '2023-08-14',
'date_publicly_disclosed': '2023-11',
'description': 'Hackers stole the personal and financial '
'information of more than 780,000 individuals '
'after hacking into the network of fintech firm '
'Marquis. The incident was discovered on August '
'14, and the investigation concluded by the end '
'of October. Affected individuals were notified '
'via written letters, and data breach notices '
'were filed with multiple state Attorney '
'General’s Offices.',
'impact': {'brand_reputation_impact': 'Potential reputational '
'damage',
'conversion_rate_impact': None,
'customer_complaints': None,
'data_compromised': 'Personal and financial '
'information',
'downtime': None,
'financial_loss': None,
'identity_theft_risk': 'High',
'legal_liabilities': 'Potential regulatory fines and '
'legal actions',
'operational_impact': None,
'payment_information_risk': 'High',
'revenue_loss': None,
'systems_affected': 'Marquis network and systems'},
'initial_access_broker': {'backdoors_established': None,
'data_sold_on_dark_web': None,
'entry_point': None,
'high_value_targets': None,
'reconnaissance_period': None},
'investigation_status': 'Completed',
'post_incident_analysis': {'corrective_actions': None,
'root_causes': None},
'ransomware': {'data_encryption': None,
'data_exfiltration': None,
'ransom_demanded': None,
'ransom_paid': None,
'ransomware_strain': None},
'recommendations': 'Providing free credit monitoring and '
'identity protection services for one or two '
'years to affected individuals',
'references': [{'date_accessed': None,
'source': 'Maine Attorney General’s Office',
'url': None}],
'regulatory_compliance': {'fines_imposed': None,
'legal_actions': None,
'regulations_violated': None,
'regulatory_notifications': ['Maine '
'AGO',
'Iowa AGO',
'Massachusetts '
'AGO',
'New '
'Hampshire '
'AGO',
'South '
'Carolina '
'AGO',
'Texas '
'AGO',
'Washington '
'AGO']},
'response': {'adaptive_behavioral_waf': None,
'communication_strategy': 'Written notification '
'letters to affected '
'individuals and filings '
'with state Attorney '
'General’s Offices',
'containment_measures': None,
'enhanced_monitoring': None,
'incident_response_plan_activated': None,
'law_enforcement_notified': None,
'network_segmentation': None,
'on_demand_scrubbing_services': None,
'recovery_measures': None,
'remediation_measures': None,
'third_party_assistance': None},
'title': 'Marquis Data Breach - Personal and Financial '
'Information Theft',
'type': 'Data Breach'}