- Marquis Software Solutions is affected by ransomware via the SonicWall vulnerability, affecting more than 400,000 customers at 74 banks/credit unions.
- The stolen data included name, BSN, TIN, financial information and date of birth; The company reportedly paid a ransom to prevent leaks
- Victims received free identity theft protection. The attack may be related to the Akira ransomware, which exploits CVE-2024-40766.
US financial technology firm Marquis Software Solutions has reportedly been hit by a ransomware attack and even paid attackers to ensure its stolen data did not reach the dark web.
Earlier this week, the company filed a new report with the attorneys general of each state, including Maine, Iowa and Texas, and contacted affected customers to inform them of the incident.
The attack reportedly took place on August 14, 2025, when criminals gained entry through a vulnerability in SonicWall’s firewall.
Hundreds of thousands of victims
“Investigation has revealed that the files contain personal information about several corporate customers,” the data breach notice said. “Personal information that may apply to Maine residents includes names, addresses, telephone numbers, social security numbers, taxpayer identification numbers, financial account information without access or security codes, and dates of birth.”
Referring to reports filed in several US states, BeepTeam More than 400,000 customers with accounts at 74 banks and credit unions were affected. At the time of writing, no attacker has claimed responsibility for the attack and the information has not been published or made public anywhere.
At one point, Community 1st Credit Union claimed that the company had paid the requested ransom to protect the stolen files:
“Marquis made a ransomware payment shortly after 8/14/25. On 10/27/25, C1st was notified that non-public personal information of C1st members was included in the Marquis breach,” reads the message, which was later deleted. Comparitech has noticed that. Marchese has not responded to the allegations.
The company also offers victims free identity and credit theft monitoring through Epiq Privacy Solutions ID.
Although the identities of the attackers are unknown, Akira ransomware reportedly exploited a vulnerability in SonicWall SSL VPN devices to penetrate networks, deploy encryption programs, and steal files. SonicWall patched the vulnerability (now identified as CVE-2024-40766) months ago, but it appears that not all organizations have applied the patch in time.
IN BeepTeam