Breach Analysis

Marquis Software Breach: Third-Party Risk in Financial Services

Analysis of the Marquis Software Solutions ransomware attack that compromised 824,000+ customers at 80+ banks and credit unions.

By FinSecLedger

Summary

In late January 2026, Marquis Software Solutions disclosed a ransomware attack that compromised sensitive customer data from over 80 banks and credit unions. The attack, attributed to the Akira ransomware gang, exploited an unpatched vulnerability in a SonicWall firewall.

Impact

The breach affected approximately 824,000 customers across the financial institutions that use Marquis's marketing and compliance software. Compromised data includes:

  • Social Security numbers
  • Bank account numbers
  • Names and addresses
  • Dates of birth

Attack Vector

According to initial reports, the attackers exploited a known but unpatched vulnerability in Marquis's SonicWall network security appliance. This highlights a recurring theme in third-party breaches: vendors often have less mature security programs than their financial institution clients.

Third-Party Risk Implications

This incident underscores several key lessons for financial institutions:

  1. Vendor security assessments must be ongoing - A vendor that passed due diligence two years ago may have let its security posture degrade.

  2. Patch management requirements should be contractual - Financial institutions should require vendors to maintain specific patch SLAs.

  3. Data minimization matters - Did Marquis need to retain SSNs for its marketing functions? Limiting data shared with vendors limits breach impact.

  4. Incident notification timing - The timeline between breach discovery and customer notification will likely draw regulatory scrutiny.

Regulatory Response

Given the scale of the breach and the sensitivity of exposed data, we expect:

  • State attorney general investigations in multiple states
  • Potential NYDFS enforcement action for affected NY-regulated institutions
  • Class action litigation

What Financial Institutions Should Do

If your institution uses Marquis Software Solutions:

  1. Confirm whether your customer data was affected
  2. Review your vendor management program and Marquis's contract terms
  3. Prepare customer notification processes
  4. Document your incident response for regulatory inquiries
  5. Consider additional monitoring for affected customers

Sources

  • Maine Attorney General Data Breach Notification
  • American Banker reporting
  • SonicWall vulnerability advisories