Marquis Data Breach: 74+ US Banks & Credit Unions Affected

Marquis Data Breach: 74+ US Banks & Credit Unions Affected

December 4, 2025 Lisa Park - Tech Editor Tech

Summary of the Marquis Software⁢ Solutions Data Breach

This article details a data breach at Marquis Software Solutions, a⁢ vendor serving approximately 700 banks and credit unions. ⁤Hear’s a breakdown of the key data:

What Happened:

* Data Breach: Marquis Software Solutions experienced a data breach impacting potentially hundreds of financial institutions. The table in the article lists some of the affected institutions.
* Data Potentially compromised: Nonpublic personal information of members from affected credit unions was included in the breach.
* Ransomware Payment: A now-deleted filing by‍ community 1st Credit Union suggests marquis paid a ‍ransom to prevent data leakage. Marquis officially states there’s no evidence of data⁤ misuse.
* Attack vector (Likely): The breach likely originated through a compromised SonicWall⁤ VPN account, a tactic commonly used by the Akira ransomware gang.

Security Improvements Implemented by Marquis:

Marquis has taken steps to enhance its ‌security, including:

*⁢ Firewall Updates: ‌ Ensuring all firewall devices are patched and up-to-date.
*​ Password Rotation: Rotating passwords for local accounts.
* Account Management: Deleting old/unused accounts.
* Multi-Factor Authentication (MFA): Enabling⁤ MFA for firewall and VPN accounts.
* Increased Logging: Increasing logging retention for firewall​ devices.
* VPN Security: Implementing account lock-out policies for failed ‌VPN logins.
* Geo-IP Filtering: Restricting connections to specific countries needed for business.
* Botnet Blocking: ⁢Blocking connections to/from known Botnet Command and Control⁢ servers.

Connection ‍to Akira Ransomware:

* The Akira ransomware gang has been actively targeting SonicWall⁢ firewalls since at least September 2024.
* This suggests a potential link between the Akira gang and the attack on Marquis.

Key Takeaways:

* This breach highlights the vulnerability of vendors serving ​critical ⁤infrastructure like financial‍ institutions.
* The use of compromised‌ VPNs as an entry point for ransomware attacks is a meaningful concern.
* The security improvements implemented by Marquis are a positive step,⁤ but ongoing vigilance is crucial.