Massive Vendor Data Breach Hits 74 Banks; Over 780,000 Customers Exposed

TEXAS – A major cybersecurity crisis is rippling through the U.S. banking sector following a ransomware attack on Marquis Software Solutions

prativad prativad
Dec 28, 2025 - 12:23 Updated: Dec 28, 2025 - 12:24
Massive Vendor Data Breach Hits 74 Banks; Over 780,000 Customers Exposed

TEXAS – A major cybersecurity crisis is rippling through the U.S. banking sector following a ransomware attack on Marquis Software Solutions, a prominent third-party vendor providing digital marketing and CRM services to over 700 financial institutions.

Recent regulatory filings and state notifications reveal that the breach is far more extensive than initially feared, with the total number of affected individuals now surpassing 780,000.

New Disclosures from VeraBank and Artisans’ Bank

The latest wave of notifications comes from Texas-based VeraBank and Delaware-based Artisans’ Bank, which confirmed that nearly 70,000 of their customers were collectively impacted.

  • VeraBank: Notified 37,318 clients that personal information was compromised.

  • Artisans’ Bank: Reported 32,344 customers were affected, with hackers accessing names and Social Security numbers.

These disclosures follow an earlier report from Maine’s Norway Savings Bank, which saw the data of 51,000 clients exposed in the same incident.

Anatomy of the Attack

The breach originated on August 14, 2025, when unauthorized actors exploited a vulnerability in a SonicWall firewall used by Marquis for remote access. Security researchers have linked the activity to the Akira ransomware group, which has been aggressively targeting unpatched network infrastructure.

Data confirmed to be compromised across various institutions include:

  • Full names and physical addresses

  • Dates of birth

  • Social Security numbers (SSN) and Taxpayer ID numbers

  • Financial account details and debit/credit card numbers

The Controversy: A Ransom Paid?

Reports have surfaced suggesting that Marquis Software Solutions paid a ransom to the attackers shortly after the August intrusion. While often done to prevent the leaking of sensitive data on the dark web, cybersecurity experts warn that such payments provide no guarantee and can make the victim a target for future "double extortion" attempts.

Impact on the Banking Ecosystem

While both VeraBank and Norway Savings Bank confirmed their internal systems remained secure, the incident highlights a critical vulnerability in the financial supply chain. Marquis centralizes data for hundreds of community banks, making it a high-value "hub" for cybercriminals.

"When an attacker hits a vendor like this, they don’t just hit one bank; they hit a data treasury," noted one industry analyst.

Tags: