Massive Ransomware Attack on Fintech Firm Exposes 1.35 Million Bank Customers
A ransomware attack on U.S.-based fintech provider Marquis, which serves over 700 banks and credit unions, has compromised the personal and financial data of nearly 1.35 million customers—far exceeding initial estimates of 400,000. The breach, disclosed between October 27 and November 25, exposed sensitive details, including bank account numbers and debit and credit card information, across at least 74 of Marquis’s clients.
The incident underscores a critical vulnerability in the financial sector’s supply chain security, particularly the often-overlooked risk posed by "fourth-party" vendors—the suppliers of a bank’s third-party providers. The attack exploited a vulnerability in a SonicWall firewall used by Marquis, highlighting gaps in due diligence. While 95% of bank directors assess third-party security, only 40% extend scrutiny to fourth parties, according to cybersecurity firm Qualys.
The fallout is expected to reshape risk management practices. Banks are likely to tighten vendor contracts, demand continuous vulnerability scanning, and face higher cyber insurance premiums—which have already surged 30-50% post-breach. Regulators may also intervene, with U.S. agencies (FDIC/OCC) and UK authorities (FCA/PRA) poised to impose stricter controls, including mandatory monitoring and shared encryption responsibilities.
Beyond financial penalties, the breach could lead to brand damage, executive liability, and even judicial consequences for institutions failing to secure their supply chains. The attack aligns with broader trends: a Semperis report reveals that 52% of ransomware incidents occur on weekends or holidays, while attackers increasingly use regulatory complaints and physical threats as extortion tactics. The incident serves as a stark reminder of the escalating sophistication of cybercriminals targeting financial infrastructure.
Source: https://www.thebanker.com/content/249122d1-724e-41fa-a7e6-e696bc9518a8
Marquis TPRM report: https://www.rankiteo.com/company/marquis-inc
{
  "id": "mar1767095032",
  "linkid": "marquis-inc",
  "type": "Ransomware",
  "date": "10/2025",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization's existence"
}
{'affected_entities': [{'customers_affected': '1.35 million end customers',
                        'industry': 'Financial Services',
                        'location': 'US',
                        'name': 'Marquis',
                        'size': 'Supplier to over 700 banks and credit unions',
                        'type': 'Fintech Firm'},
                       {'industry': 'Banking',
                        'location': 'US',
                        'name': '74 Marquis clients (banks and credit unions)',
                        'type': 'Financial Institutions'}],
 'attack_vector': 'Vulnerability in SonicWall firewall',
 'data_breach': {'number_of_records_exposed': '1.35 million',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High (bank account numbers, '
                                        'debit/credit card numbers)',
                 'type_of_data_compromised': 'Personal and financial details'},
 'date_publicly_disclosed': '2023-10-27',
 'description': 'A ransomware attack on fintech firm Marquis, a supplier '
                'serving over 700 banks and credit unions in the US, '
                'compromised the accounts of nearly 1.35 million end '
                'customers. The attack exposed sensitive personal and '
                'financial details, including bank account numbers and '
                'debit/credit card numbers, highlighting vulnerabilities in '
                "the financial sector's supply chain, particularly "
                'fourth-party risks.',
 'impact': {'brand_reputation_impact': 'Significant brand damage expected',
            'data_compromised': 'Bank account numbers, debit and credit card '
                                'numbers, and other personal details',
            'identity_theft_risk': 'High',
            'legal_liabilities': 'Potential heavy penalties and judicial '
                                 'penalties for executives',
            'operational_impact': 'Disruption to banking services and supply '
                                  'chain operations',
            'payment_information_risk': 'High',
            'systems_affected': 'Marquis systems and those of its banking '
                                'clients'},
 'initial_access_broker': {'entry_point': 'SonicWall firewall vulnerability'},
 'lessons_learned': 'The attack underscores the critical need for banks to '
                    'extend security scrutiny to fourth-party vendors and '
                    'enforce continuous monitoring, shared responsibility for '
                    'data encryption, and stricter due diligence in supply '
                    'chain risk management.',
 'post_incident_analysis': {'corrective_actions': 'Enhanced due diligence, '
                                                  'continuous monitoring, and '
                                                  'regulatory compliance '
                                                  'measures',
                            'root_causes': 'Vulnerability in SonicWall '
                                           'firewall and lack of fourth-party '
                                           'risk assessment'},
 'recommendations': ['Extend security assessments to fourth-party vendors',
                     'Implement continuous vulnerability scanning',
                     'Enforce shared responsibility for data encryption',
                     'Review and update third-party contracts',
                     'Enhance operational resilience and regulatory compliance',
                     'Prepare for increased insurance premiums and regulatory '
                     'scrutiny'],
 'references': [{'source': 'Comparitech'},
                {'source': 'Qualys'},
                {'source': 'Certes'},
                {'source': 'SureShield'},
                {'source': 'Semperis'}],
 'regulatory_compliance': {'fines_imposed': 'Expected heavy financial fines',
                           'legal_actions': 'Potential judicial penalties for '
                                            'executives',
                           'regulatory_notifications': 'Expected accelerated '
                                                       'FDIC/OCC guidance in '
                                                       'the US and tighter '
                                                       'FCA/PRA deadlines in '
                                                       'the UK'},
 'response': {'communication_strategy': 'Notified business clients between '
                                        'October 27 and November 25',
              'enhanced_monitoring': 'Expected demand for continuous '
                                     'vulnerability scanning'},
 'stakeholder_advisories': 'Banks advised to review existing contracts, demand '
                           'proof of continuous vulnerability scanning, and '
                           'prepare for stricter regulatory controls.',
 'title': 'Ransomware Attack on Fintech Firm Marquis',
 'type': 'Ransomware',
 'vulnerability_exploited': 'SonicWall firewall vulnerability'}