Fintech firm Marquis is notifying dozens of US banks and credit unions that customer data was stolen in a cyber attack earlier this year.
Details of the cyberattack emerged this week after Marquis filed data breach notifications with several US states that confirmed the August 14 incident as a ransomware attack.
Texas-based Marquis is a marketing and compliance provider that enables banks and other financial institutions to collect and visualize all of their customer data in one place. Company counts more than 700 bank and credit union customers on her website. As such, Marquis accesses and stores large amounts of data belonging to consumer banking customers throughout the United States.
At least 400,000 people have so far been confirmed to be affected by the data breach, according to legally required disclosures filed in the states of Iowa, Maine, Texas, Massachusetts and New Hampshire reviewed by TechCrunch.
Texas has the largest number of state residents so far whose data was stolen due to the breach, affecting at least 354,000 people.
said the Marquis in his announcement with Maine’s attorney general that banking customers with Maine State Credit Union accounted for the most data breach notifications, or about one in nine people known to be affected statewide.
The number of people affected by the breach is expected to rise as more data breach notifications come in from other states.
Marquis said the hackers stole customer names, dates of birth, mailing addresses and financial information such as bank account, debit and credit card numbers. Marquis said the hackers also stole customers’ Social Security numbers.
According to its most recent announcements, Marquis blamed the ransomware attack on hackers who exploited a vulnerability in its SonicWall firewall. The vulnerability was considered zero-day, meaning the flaw was not known to SonicWall or its customers before it was maliciously exploited by hackers.
Marquis did not attribute the ransomware attack to a specific group, but the Akira ransomware gang was reportedly behind the massive intrusions targeting SonicWall customers at the time.
TechCrunch asked Marquis if he knows the total number of people affected by the breach and if Marquis received any communication from the hackers or if the company paid a ransom, but we did not hear back by press time.
Know more about the Marquis data breach? Do you work for Marquis or a company affected by the breach? We would love to hear from you. To contact this reporter securely, you can contact using Signal via username: zackwhittaker.1337
