VeraBank Data Breach Exposes Sensitive Customer Information via Third-Party Vendor
VeraBank, a Texas-based community bank with nearly $4.3 billion in assets, is investigating a data breach involving a third-party vendor, Marquis Software Solutions. The incident, discovered on August 14, 2025, stemmed from unauthorized access to Marquis’ systems, where an attacker copied files containing VeraBank customer data. While VeraBank’s own systems remained unaffected, the breach exposed sensitive information provided to the vendor.
Exposed Data Includes:
- Names
- Addresses
- Dates of birth
- Account numbers
- Social Security numbers or tax ID numbers
VeraBank completed its review on December 12, 2025, and began notifying affected individuals shortly after. The breach was officially disclosed to the Massachusetts Attorney General’s office on December 26, 2025.
Marquis Software Solutions, which handles customer communications and data analysis for VeraBank, confirmed the cybersecurity incident but did not specify the number of individuals impacted. The law firm Shamis & Gentile P.A. is investigating potential legal action for those affected, citing possible compensation for damages related to the breach.
VeraBank has offered free Cyberscout identity theft protection services to impacted customers as part of its response. The incident highlights the risks of third-party vendor breaches in the financial sector.
Source: https://www.claimdepot.com/investigations/verabank-data-breach-2025
VeraBank cybersecurity rating report: https://www.rankiteo.com/company/verabank
"id": "VER1766786250",
"linkid": "verabank",
"type": "Breach",
"date": "8/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Financial Services',
'location': 'Henderson, Texas, USA',
'name': 'VeraBank, Inc.',
'size': '500-550 employees, $4 billion - $4.3 billion '
'in assets',
'type': 'Bank'},
{'industry': 'Software/IT Services',
'name': 'Marquis Software Solutions',
'type': 'Vendor'}],
'attack_vector': 'Third-party vendor compromise',
'customer_advisories': 'Notification to affected individuals on 2025-12-12',
'data_breach': {'data_exfiltration': 'Yes',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Names',
'Addresses',
'Dates of birth',
'Account numbers',
'Social Security numbers or tax '
'ID numbers']},
'date_detected': '2025-08-14',
'date_publicly_disclosed': '2025-12-26',
'description': 'VeraBank, a community bank in Texas, experienced a data '
'breach through its vendor Marquis Software Solutions. An '
"unauthorized third party accessed Marquis's network and "
'copied files containing sensitive information provided by '
"VeraBank. VeraBank's own systems were not impacted, but "
'customer data was exposed.',
'impact': {'data_compromised': 'Sensitive personally identifiable information',
'identity_theft_risk': 'High',
'payment_information_risk': 'High',
'systems_affected': 'Vendor (Marquis Software Solutions) systems'},
'post_incident_analysis': {'root_causes': 'Third-party vendor (Marquis '
'Software Solutions) compromise'},
'recommendations': ['Sign up for free Cyberscout identity theft protection '
'services',
'Monitor financial statements for suspicious activity',
'Place a fraud alert and request credit reports from '
'major credit bureaus',
'Seek legal help to understand rights and pursue '
'compensation'],
'references': [{'source': 'Shamis & Gentile P.A.'}],
'regulatory_compliance': {'legal_actions': 'Potential class action lawsuit',
'regulatory_notifications': 'Filed with '
'Massachusetts Attorney '
'General’s office'},
'response': {'communication_strategy': 'Notification to affected individuals '
'on 2025-12-12, filing with '
'Massachusetts Attorney General’s '
'office on 2025-12-26',
'third_party_assistance': 'Cyberscout identity theft protection '
'services'},
'threat_actor': 'Unauthorized third party',
'title': 'VeraBank Data Breach via Vendor Marquis Software Solutions',
'type': 'Data Breach'}