- Marquis Software Solutions hit by ransomware via SonicWall flaw affecting 400,000+ customers across 74 banks/credit unions
- Stolen data includes names, SSNs, TINs, financial information and dates of birth; The company reportedly paid a ransom to prevent leaks
- Victims Offered Free Identity Theft Protection; attack possibly associated with Akira ransomware exploiting CVE-2024-40766
US fintech company Marquis Software Solutions apparently suffered a ransomware attack and reportedly even paid the attackers not to let the stolen data leak onto the dark web.
Earlier this week, the company filed a new report with Attorney General offices across the states, including Maine, Iowa and Texas, and reached out to affected customers to notify them of the incident.
According to the reports, the attack took place on August 14, 2025, when crooks broke in through a vulnerability in the SonicWall firewall.
Hundreds of thousands of victims
“The review determined that the files contained personal information received from certain business customers,” the data breach notice reads. “The personal information potentially involved for Maine residents includes names, addresses, telephone numbers, social security numbers, taxpayer identification numbers, financial account information without security or passwords, and dates of birth.”
Referring to notices filed in several US states, Bleeping Computer says more than 400,000 customers with accounts at 74 banks and credit unions were affected. At press time, no threat actors claimed responsibility for the attack, and the data was not published or leaked anywhere.
At one point, Community First Credit Union claimed that the company paid the ransom demand to protect the stolen files:
“Marquis paid a ransomware shortly after 08/14/25. On 10/27/25, C1st was notified that non-public personal information related to C1st members was included in the Marquis breach,” allegedly the message, which was later deleted. It was spotted by Comparitech. Marquis has not commented on these allegations.
The company also offers victims free identity theft and credit monitoring through Epiq Privacy Solutions ID.
Although the identity of the attackers is unknown, there have been previous reports of Akira ransomware exploiting a flaw in SonicWall SSL VPN devices to breach networks, deploy encryptions, and steal files. SonicWall fixed the vulnerability (now tracked as CVE-2024-40766) months ago, but it appears that not all organizations applied the fix in time.
Via Bleeping Computer
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
