Marquis data breach impacted more than 780,000 individuals
December 04, 2025
Hackers breached fintech firm Marquis, stealing personal and financial data, the security breach impacted over 780,000 people.
Hackers breached fintech firm Marquis and stole personal and financial data, including names, addresses, SSNs, and card numbers, impacting over 780,000 people.
Marquis is a Texas-based fintech and software firm that provides data-driven marketing, customer data platforms, analytics, and compliance solutions to banks and credit unions across the U.S. It serves over 700 financial institutions, typically with 200–500 employees. The platform centralizes customer data to power targeted campaigns, regulatory reporting, and fair-lending/CRA analytics, making it a critical vendor in the U.S. community banking ecosystem.
Marquis Software detected a ransomware attack on August 14, 2025, traced to unauthorized access through its SonicWall firewall. The company launched an investigation with the help of security experts and notified federal authorities. The company confirmed that attackers may have stolen taken, and Marquis is issuing notice on behalf of affected business customers whose data it handled.
“On August 14, 2025, Marquis Software Solutions, Inc. (“Marquis”), a digital and physical marketing and communications vendor, detected suspicious activity on its network and determined that it was the victim of a ransomware attack. Upon discovery, Marquis promptly launched an investigation and engaged cybersecurity experts through legal counsel to assist.” reads the data breach notification sent to the Maine Attorney General’s Office. “Federal law enforcement was also notified. The investigation revealed that an unauthorized third party accessed Marquis’ network through its SonicWall firewall on August 14, 2025, and may have acquired certain files from its systems. Marquis is providing this notice on behalf of certain present and former business customers whose data Marquis has maintained”
Last week, Marquis started sending written notification letters to the affected individuals and filed data breach notices with the Attorney General’s Offices in several US states.
The exposed data includes personal information such as names, addresses, Social Security numbers, dates of birth, and taxpayer identification numbers.
“At this time, we have no evidence of the misuse, or attempted misuse, of personal information as a result of this incident.” continues the notification.
Marquis is notifying affected customers and offering free credit monitoring and identity theft protection. So far, it has found no evidence of misuse of personal information.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
Pierluigi Paganini
(SecurityAffairs – hacking, data breach)