- Marquis Software Solutions hit by ransomware via SonicWall flaw, affecting 400,000+ customers across 74 banks/credit unions
- Stolen data includes names, SSNs, TINs, financial info, and birth dates; company allegedly paid ransom to prevent leaks
- Victims offered free identity theft protection; attack possibly linked to Akira ransomware exploiting CVE-2024-40766
American fintech company Marquis Software Solutions apparently suffered a ransomware attack and allegedly even paid the attackers not to let the stolen data leak onto the dark web.
Earlier this week, the company filed a new report with Attorney General offices across the states, including Maine, Iowa, and Texas, and reached out to affected clients to notify them about the incident.
As per the reports, the attack took place on August 14, 2025, when crooks broke in through a vulnerability in the SonicWall firewall.
Hundreds of thousands of victims
"The review determined that the files contained personal information received from certain business customers," the data breach notification reads. "The personal information potentially involved for Maine residents includes names, addresses, phone numbers, Social Security numbers, Taxpayer Identification Numbers, financial account information without security or access codes, and dates of birth."
Citing notifications filed in multiple US states, BleepingComputer says that more than 400,000 customers, with accounts in 74 banks and credit unions, were affected. At press time, no threat actors took responsibility for the attack, and the data was not published, or leaked, anywhere.
At one point, Community 1st credit union claimed the company paid the ransom demand in order to protect the stolen files:
"Marquis paid a ransomware shortly after 08/14/25. On 10/27/25 C1st was notified that nonpublic personal information related to C1st members was included in the Marquis breach," the notification, which was later deleted, allegedly stated. It was seen by Comparitech. Marquis has not commented on these allegations.
The company is also offering the victims free identity theft and credit monitoring through Epiq Privacy Solutions ID.
While the identity of the attackers is unknown, there have been reports in the past of Akira ransomware abusing a bug in SonicWall SSL VPN devices to breach networks, deploy encryptors, and steal files. SonicWall fixed the vulnerability (now tracked as CVE-2024-40766) months ago, but it appears that not all organizations applied the fix on time.
Via BleepingComputer
➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.