Bank software vendor Marquis says more than 670,000 impacted by August breach

Steven

Bank software vendor Marquis says more than 670,000 impacted by August breach

Summary

Marquis Software, a vendor that provides customer-communication and CRM-style tools to banks and credit unions, has confirmed that a cyberattack in August exposed the personal information of 672,075 people. The company discovered the breach on 14 August, notified law enforcement and hired cybersecurity experts; investigators found that attackers copied files from Marquis’ systems.

The leaked data reportedly includes names, addresses, phone numbers, Social Security numbers and Taxpayer Identification Numbers, dates of birth and financial account information. Marquis previously said at least 74 financial institutions were affected but did not disclose the total number of individuals; outside researchers and law firms estimated the count may be higher (estimates ranged from roughly 788,000 to 1.35 million).

Some banks stressed their own systems were not breached and that only data held by Marquis was taken. A since-deleted notification from one credit union suggested Marquis may have paid a ransom, though the company has not confirmed any payment and no ransomware group has publicly claimed responsibility.

Key Points

  • Marquis Software reports 672,075 individuals’ records were exposed after an August breach discovered on 14 August.
  • Exposed data includes names, contact details, Social Security/Taxpayer numbers, dates of birth and account information.
  • At least 74 banks and credit unions were previously notified as affected; aggregate estimates by researchers put potential victims higher.
  • Banks say attackers accessed data stored by Marquis, not their own internal systems.
  • There are unconfirmed reports (a deleted notification) suggesting Marquis may have paid a ransom; the company has not commented publicly on payments.

Context and Relevance

This incident highlights ongoing third-party vendor risk: attackers increasingly target suppliers that hold large volumes of sensitive customer data rather than penetrating each bank directly. For customers, the breach raises immediate identity-theft and account-fraud concerns. For banks and regulators, it stresses the need for tighter vendor oversight, incident response coordination and transparent breach reporting.

The event fits broader industry trends where centralised service providers represent high-value targets — a single breach can affect many financial institutions and large numbers of customers. Legal, compliance and fraud-prevention teams at affected organisations will need to assess notification, remediation and potential regulatory exposure.

Why should I read this

Heads-up: if you use a regional bank or credit union, there’s a decent chance your data could be in this mess. This story pulls together who was hit, what types of data leaked and why vendor breaches are becoming the go-to play for attackers. Read it if you want the quick lowdown on the risks to customers and to organisations that rely on third-party vendors.

Author style

Punchy — this is a big one. If you manage data protection, customer safety or vendor risk, pay attention to the details: they affect breach notifications, fraud response and regulatory obligations. If you’re a consumer, skim the key points and check any notices from your bank.

Source

Source: https://therecord.media/marquis-bank-vendor-data-breach