- Marquis Software Solutions Hit by Ransomware Via SonicWall Flaw, Affecting Over 400,000 Customers at 74 Banks/Credit Unions
- The stolen data includes names, SSN, TIN, financial information and dates of birth; the company allegedly paid a ransom to prevent leaks
- Victims were offered free protection against identity theft; Attack possibly linked to Akira ransomware exploiting CVE-2024-40766
American financial technology company Marquis Software Solutions apparently suffered a ransomware attack and allegedly even paid the attackers to not allow stolen data to leak to the dark web.
Earlier this week, the company filed a new report with the Attorney General’s offices of all states, including Maine, Iowa and Texas, and contacted affected customers to notify them of the incident.
The attack reportedly took place on August 14, 2025, when criminals broke through a vulnerability in SonicWall’s firewall.
Hundreds of thousands of victims
“The review determined that the files contained personal information received from certain business clients,” the data breach notification reads. “Personal information potentially involved for Maine residents includes names, addresses, telephone numbers, Social Security numbers, taxpayer identification numbers, financial account information without access or security codes, and dates of birth.”
Citing notices filed in several US states, beepcomputer It says more than 400,000 customers, with accounts at 74 banks and credit unions, were affected. At the time of this publication, no threat actor has claimed responsibility for the attack and the data has not been published or leaked anywhere.
At one point, Community 1st Credit Union claimed that the company paid the ransom demand to protect the stolen files:
“Marquis paid ransomware shortly after 08/14/25. On 10/27/25 C1st was notified that non-public personal information related to C1st members was included in the Marquis breach,” the notification, which was later deleted, reportedly said. It was seen by Comparitech. Marquis has not commented on these allegations.
The company also offers victims free credit and identity theft monitoring through Epiq Privacy Solutions ID.
While the identity of the attackers is unknown, there have been reports in the past that Akira ransomware abused a bug in SonicWall SSL VPN devices to breach networks, deploy encryptors, and steal files. SonicWall fixed the vulnerability (now tracked as CVE-2024-40766) months ago, but it appears that not all organizations applied the fix in time.
Through beepcomputer
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
