5th December 2025 Cyber Update: US Banking Vendor Breach Exposes Hundreds of Thousands to Fraud

Texas-based Marquis Software Solutions, a key marketing and compliance software provider for over 700 financial institutions, has begun notifying customers of a major data breach that occurred on August 14, 2025. The incident, which the company detected on the same day, involved a ransomware attack that compromised a vast trove of sensitive personal and financial information.

The company said ransomware-wielding attackers gained a foothold in its IT environment after breaching its SonicWall firewall on Aug. 14, which it detected the same day after seeing "suspicious activity on its network."

Investigators found that the attacker may have accessed files containing data stored by Marquis Software on behalf of "present and former business customers," pertaining to their own customers, and that "the incident was limited to Marquis' environment."

Attackers exploited a zero-day vulnerability in the company's SonicWall firewall to gain access to its network. While Marquis has not officially named the threat actor, security researchers widely attribute the attack to the Akira ransomware gang, which was actively exploiting the specific SonicWall vulnerability during that period.

The compromised data is highly sensitive and includes customer names, dates of birth, postal addresses, Social Security numbers, and financial details such as bank account, debit, and credit card numbers. According to data breach notifications filed in multiple states, at least 400,000 individuals are confirmed to be affected, with the total number expected to rise as more institutions complete their investigations. One of the most alarming revelations came from a now-deleted breach notification filed by an Iowa credit union, which stated that "Marquis paid a ransom" to the attackers.

Expert Analysis

The attack on Marquis highlights the devastating speed and efficiency of modern ransomware operations. Security firm Arctic Wolf, which has tracked the Akira gang's campaign, noted the exceptionally short dwell times observed in similar intrusions. In a recent report, The State of Cybersecurity: 2025 Trends Report revealed that:

that 23% of organizations experienced at least one significant ransomware attack in 2024. And these attacks remain difficult for organizations to remediate without succumbing to threat actor demands, with the same report finding 76% of victim organizations are electing to pay the ransom to regain access to their data and environment.

This rapid execution leaves victim organisations with a minimal window to detect and respond, underscoring the critical need for automated, proactive defense systems.

Why It Matters

The Marquis data breach is a textbook example of a catastrophic supply chain attack. The nearly four-month delay between the incident and the public disclosure is a significant point of concern, as it left hundreds of thousands of individuals vulnerable to fraud without their knowledge. This case underscores the systemic risk posed by third-party vendors and the critical importance of holding them to the highest security standards. The exploitation of a zero-day flaw demonstrates that even well-prepared organisations can fall victim, highlighting the need for a defense-in-depth strategy that goes beyond simple perimeter security. The alleged ransom payment, if true, further fuels the ransomware economy and emboldens threat actors to continue their campaigns against critical infrastructure.

Get the stories that matter to you.
Subscribe to Cyber News Centre and update your preferences to follow our Daily 4min Cyber Update, Innovative AI Startups, The AI Diplomat series, or the main Cyber News Centre newsletter — featuring in-depth analysis on major cyber incidents, tech breakthroughs, global policy, and AI developments.