On Aug. 14, 2025, Time Bank, a U.S.-based community bank, was impacted by a data breach that originated with one of its service providers, Marquis Software Solutions Inc. The cybersecurity breach compromised personally identifiable information (PII) of at least 3,944 Time Bank customers across the U.S.
According to official notices, Marquis, a marketing and communications vendor, detected suspicious activity on its network and determined it was the victim of a ransomware attack. So far, the breach has impacted at least 3,942 residents in Iowa, nine in Washington, and two in Maine.
Compromised information included names, addresses, phone numbers, Social Security numbers, Taxpayer Identification Numbers, financial account information (without security or access codes), and dates of birth. This is all considered personally identifiable information (PII); no protected health information (PHI) was involved.
Beginning on Nov. 26, 2025, the Marquis data breach was disclosed to the Attorney General's offices in Iowa, Maine, and Washington. The breach is considered serious due to the sensitive nature of the data exposed and the use of ransomware, a method where attackers encrypt data and demand payment for its return.
Time Bank's response
In response to the incident, Marquis immediately launched an investigation with the help of cybersecurity experts and notified federal law enforcement. The company reviewed the affected files to identify impacted individuals and is coordinating
Source: https://www.claimdepot.com/data-breach/time-bank-2025
Time Bank cybersecurity rating report: https://www.rankiteo.com/company/time-bank-1
"id": "TIM1764888057",
"linkid": "time-bank-1",
"type": "Ransomware",
"date": "8/2025",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '3,944',
'industry': 'Banking/Financial Services',
'location': 'U.S.',
'name': 'Time Bank',
'size': None,
'type': 'Community Bank'},
{'customers_affected': None,
'industry': 'Technology/Software',
'location': 'U.S.',
'name': 'Marquis Software Solutions Inc.',
'size': None,
'type': 'Service Provider (Marketing and '
'Communications)'}],
'attack_vector': 'Third-party vendor (Marquis Software Solutions '
'Inc.)',
'data_breach': {'data_encryption': 'Yes (ransomware)',
'data_exfiltration': None,
'file_types_exposed': None,
'number_of_records_exposed': '3,944',
'personally_identifiable_information': ['Names',
'Addresses',
'Phone '
'numbers',
'Social '
'Security '
'numbers',
'Taxpayer '
'Identification '
'Numbers',
'Financial '
'account '
'information '
'(without '
'security/access '
'codes)',
'Dates '
'of '
'birth'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Personally '
'identifiable '
'information (PII)'},
'date_detected': '2025-08-14',
'date_publicly_disclosed': '2025-11-26',
'description': 'Time Bank, a U.S.-based community bank, was '
'impacted by a data breach originating from its '
'service provider, Marquis Software Solutions '
'Inc. The breach compromised personally '
'identifiable information (PII) of at least 3,944 '
'Time Bank customers across the U.S. due to a '
"ransomware attack on Marquis's network.",
'impact': {'brand_reputation_impact': 'Likely significant',
'conversion_rate_impact': None,
'customer_complaints': None,
'data_compromised': 'Personally identifiable '
'information (PII)',
'downtime': None,
'financial_loss': None,
'identity_theft_risk': 'High',
'legal_liabilities': 'Potential',
'operational_impact': None,
'payment_information_risk': 'Moderate (financial '
'account information '
'exposed without '
'security/access codes)',
'revenue_loss': None,
'systems_affected': 'Marquis Software Solutions Inc. '
'network'},
'initial_access_broker': {'backdoors_established': None,
'data_sold_on_dark_web': None,
'entry_point': None,
'high_value_targets': None,
'reconnaissance_period': None},
'investigation_status': 'Ongoing',
'motivation': 'Ransomware (financial gain)',
'post_incident_analysis': {'corrective_actions': None,
'root_causes': None},
'ransomware': {'data_encryption': 'Yes',
'data_exfiltration': None,
'ransom_demanded': None,
'ransom_paid': None,
'ransomware_strain': None},
'references': [{'date_accessed': None,
'source': 'Official notices',
'url': None}],
'regulatory_compliance': {'fines_imposed': None,
'legal_actions': None,
'regulations_violated': None,
'regulatory_notifications': 'Notified '
'Attorney '
'General '
'offices '
'in Iowa, '
'Maine, '
'and '
'Washington'},
'response': {'adaptive_behavioral_waf': None,
'communication_strategy': 'Disclosure to Attorney '
'General offices in Iowa, '
'Maine, and Washington',
'containment_measures': None,
'enhanced_monitoring': None,
'incident_response_plan_activated': 'Yes',
'law_enforcement_notified': 'Federal law '
'enforcement',
'network_segmentation': None,
'on_demand_scrubbing_services': None,
'recovery_measures': None,
'remediation_measures': None,
'third_party_assistance': 'Cybersecurity experts'},
'title': 'Time Bank Data Breach via Marquis Software Solutions '
'Inc.',
'type': 'Data Breach'}