Quick Takeaways
- Marquis Software Solutions suffered a ransomware attack on August 14, 2025, via its SonicWall firewall, leading to the theft of personal and financial data affecting over 400,000 customers across 74 US banks and credit unions.
- The breach involved the theft of sensitive personal information, including SSNs, addresses, and banking details, although there is no evidence of data misuse or publication so far.
- Marquis increased its cybersecurity measures post-incident, such as patching firewalls, enabling multi-factor authentication, and applying geo-IP filtering, indicating prior vulnerabilities exploited through SonicWall VPN accounts.
- The attackers, linked to the Akira ransomware gang, have been targeting SonicWall VPN vulnerabilities since early 2024, often exploiting un-reset credentials even after SonicWall issued patches, enabling further network infiltration.
Problem Explained
Marquis Software Solutions, a prominent provider of financial data analytics and services to over 700 US banks, suffered a significant ransomware attack on August 14, 2025. The breach occurred through their SonicWall firewall, which was exploited due to a known vulnerability (CVE-2024-40766) that allowed hackers to access the network and steal sensitive files. Consequently, personal information—such as names, addresses, Social Security numbers, financial details, and dates of birth—was compromised, impacting more than 400,000 customers across 74 financial institutions in several states, including Maine, Iowa, and Texas. The firm reports no evidence of data misuse yet, but a prior, deleted filing indicated Marquis paid a ransom to prevent data leaks, raising concerns about ongoing threats and security weaknesses.
The attack’s origin is linked to the notorious Akira ransomware group, which has targeted SonicWall VPNs by exploiting vulnerabilities and stolen credentials to infiltrate networks. Even after SonicWall released patches, many organizations, including Marquis, failed to fully reset credentials, enabling continued breaches. Post-infiltration, attackers swiftly conducted reconnaissance, escalated privileges, and exfiltrated data before deploying ransomware. New security measures, such as patching firewalls, implementing multi-factor authentication, auto-blocking known malicious connections, and applying geo-IP filtering, have since been adopted to bolster defenses. However, this incident underscores the persistent vulnerability of firewall systems and emphasizes the need for robust, multi-layered cybersecurity practices to mitigate similar threats.
Potential Risks
The Marquis data breach, which affected over 74 US banks and credit unions, illustrates how similar cyberattacks could threaten your business too. Such breaches expose sensitive customer data, risking identity theft and fraud, thereby damaging your reputation and eroding customer trust. Moreover, the breach can lead to significant financial losses due to regulatory fines, remediation costs, and legal actions. As digital threats evolve, any business—regardless of size—becomes vulnerable without proper cybersecurity measures. Consequently, failure to protect your data can cause operational disruptions, weaken customer confidence, and ultimately threaten your long-term success. Therefore, proactive cybersecurity strategies are essential to prevent comparable incidents from impacting your business.
Fix & Mitigation
In the wake of the Marquis data breach affecting over 74 US banks and credit unions, swift and effective remediation is critical to minimize damage, restore trust, and protect sensitive financial information.
Assessment & Containment
Conduct immediate incident assessment to identify affected systems and scope. Isolate compromised networks and disable suspicious access points to prevent further intrusion.
Eradication Procedures
Remove malicious entities—malware, unauthorized accounts, or backdoors—ensuring the threat is eliminated from the environment.
Patch & Update
Apply security patches and updates to vulnerable software and systems, closing known exploits exploited during the breach.
Credential Reset
Enforce mandatory password resets and implement multi-factor authentication to secure user accounts against unauthorized access.
Monitoring & Detection
Implement enhanced continuous monitoring for unusual activity, leveraging intrusion detection systems (IDS) and Security Information and Event Management (SIEM) tools.
Communication & Notification
Notify affected stakeholders, including customers and regulators, in compliance with legal requirements, maintaining transparency and trust.
Policy Review & Training
Review security policies and conduct staff training on security best practices to prevent future breaches.
Recovery & Validation
Restore affected systems from clean backups, validate data integrity, and confirm systems are secure before resuming normal operations.
Future Prevention
Invest in advanced cybersecurity measures, regular risk assessments, and incident response planning to strengthen resilience.
Stay Ahead in Cybersecurity
Stay informed on the latest Threat Intelligence and Cyberattacks.
Learn more about global cybersecurity standards through the NIST Cybersecurity Framework.
Disclaimer: The information provided may not always be accurate or up to date. Please do your own research, as the cybersecurity landscape evolves rapidly. Intended for secondary references purposes only.
Cyberattacks-V1cyberattack-v1-multisource
