Norway Savings Bank, a mutual banking institution serving over 38,000 households in Maine, suffered a ransomware attack on Marquis Software Solutions, its third-party vendor, on August 14, 2025. An unauthorized external actor breached Marquis’s data environment, exposing sensitive personally identifiable information (PII) of 51,000 U.S. individuals, including 44,259 in Maine alone. Compromised data included names, addresses, dates of birth, Social Security numbers, Tax ID numbers, and financial account details. Marquis paid a ransom to contain the incident, but stolen data later surfaced on criminal marketplaces, indicating a failure to fully mitigate the breach. The incident was reported to Maine’s Attorney General on November 21, 2025, with affected individuals notified via mail. The breach did not directly impact Norway Savings Bank’s internal systems but exposed customer data managed by Marquis, triggering potential identity theft, financial fraud, and legal repercussions. Affected individuals were offered free identity theft protection (IDX) and advised to monitor accounts, place fraud alerts, and seek legal compensation through class-action lawsuits.
Source: https://www.claimdepot.com/investigations/norway-savings-bank-data-breach-2025
Norway Savings Bank cybersecurity rating report: https://www.rankiteo.com/company/norway-savings-bank
"id": "NOR4492544112125",
"linkid": "norway-savings-bank",
"type": "Ransomware",
"date": "8/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'customers_affected': '44,259 (in Maine), 51,000 '
'(total in U.S.)',
'industry': 'financial services',
'location': 'Norway, Maine, USA',
'name': 'Norway Savings Bank (NSB)',
'size': '300+ employees, serves 38,000+ households',
'type': 'mutual banking and financial services '
'company'},
{'industry': 'financial technology (fintech)',
'name': 'Marquis Software Solutions',
'type': 'third-party software provider'}],
'attack_vector': 'ransomware (unauthorized external access)',
'customer_advisories': ['Enroll in free IDX identity theft protection.',
'Monitor financial statements for fraud.',
'Consider placing a fraud alert or credit freeze.',
'Contact financial institutions if unauthorized '
'activity is detected.',
'Consult legal representatives for compensation '
'claims.'],
'data_breach': {'data_exfiltration': True,
'number_of_records_exposed': '51,000 (U.S.), 44,259 (Maine)',
'personally_identifiable_information': ['names',
'addresses',
'dates of birth',
'Social Security '
'numbers (SSNs)',
'Tax ID numbers',
'financial account '
'information'],
'sensitivity_of_data': 'high',
'type_of_data_compromised': ['personally identifiable '
'information (PII)']},
'date_detected': '2025-08-14',
'date_publicly_disclosed': '2025-11-21',
'description': 'Marquis Software Solutions, a third-party provider for Norway '
'Savings Bank (NSB), discovered a ransomware attack on August '
'14, 2025, where an unauthorized external actor gained access '
'to portions of its data environment. The breach impacted data '
'managed for NSB and other clients, exposing sensitive '
'personally identifiable information (PII) of approximately '
'51,000 individuals in the U.S., with 44,259 in Maine. Marquis '
'paid a ransom, but some stolen data surfaced on criminal '
'marketplaces. The breach was reported to the Maine Attorney '
"General's office on November 21, 2025, and affected "
'individuals were notified by mail.',
'impact': {'brand_reputation_impact': 'potential reputational damage to '
'Norway Savings Bank and Marquis '
'Software Solutions',
'data_compromised': True,
'identity_theft_risk': 'high (PII exposed)',
'legal_liabilities': 'potential class action lawsuits and '
'compensation claims',
'payment_information_risk': 'high (financial account information '
'exposed)',
'systems_affected': ["Marquis Software Solutions' data environment "
'(third-party provider for NSB)']},
'initial_access_broker': {'data_sold_on_dark_web': True,
'high_value_targets': ['financial account '
'information',
'PII (SSNs, Tax IDs)']},
'investigation_status': 'ongoing (class action investigation by Shamis & '
'Gentile P.A.)',
'motivation': 'financial (ransom demand, data exfiltration for sale)',
'ransomware': {'data_encryption': True,
'data_exfiltration': True,
'ransom_paid': True},
'recommendations': ['Sign up for free IDX identity theft protection services '
'offered by Norway Savings Bank.',
'Monitor financial accounts for suspicious activity or '
'unauthorized transactions.',
'Place a fraud alert with credit bureaus to prevent '
'unauthorized account openings.',
'Request free annual credit reports from major credit '
'bureaus.',
'Seek legal counsel to understand rights and potential '
'compensation eligibility.'],
'references': [{'source': 'Shamis & Gentile P.A. (class action investigation '
'page)'},
{'date_accessed': '2025-11-21',
'source': "Maine Attorney General's office (regulatory "
'filing)'}],
'regulatory_compliance': {'legal_actions': ['potential class action lawsuits',
'investigation by Shamis & '
'Gentile P.A.'],
'regulatory_notifications': ['Maine Attorney '
"General's office "
'(reported on '
'2025-11-21)']},
'response': {'communication_strategy': ['regulatory filing with Maine '
"Attorney General's office",
'direct mail notifications to '
'affected individuals',
'public advisory via Shamis & Gentile '
'P.A. for class action investigation'],
'containment_measures': ['ransom payment to contain incident'],
'incident_response_plan_activated': True,
'recovery_measures': ['notification to affected individuals via '
'mail',
'offer of free IDX identity theft '
'protection services']},
'stakeholder_advisories': ['notification letters to affected individuals',
'public advisory for legal rights and compensation '
'eligibility'],
'threat_actor': 'unauthorized external actor (unknown specific group)',
'title': 'Marquis Software Solutions (NSB Data) Data Breach and Ransomware '
'Attack',
'type': ['data breach', 'ransomware attack']}