Marquis is a fintech and software company based in Texas that supplies data-driven marketing, customer data platforms, analytics, and compliance solutions to banks and credit unions across the United States. Serving over 700 financial institutions, typically those with 200–500 employees, the company’s platform is designed to consolidate customer data to drive targeted campaigns, regulatory reporting, and fair-lending/CRA analytics. This functionality makes Marquis a vital vendor within the U.S. community banking ecosystem.
On August 14, 2025, Marquis Software identified a ransomware attack that was ultimately traced back to unauthorized access through its SonicWall firewall. The company immediately initiated an investigation, enlisting the assistance of cybersecurity experts and notifying federal authorities of the incident. Marquis has since confirmed that the attackers may have exfiltrated data and is currently in the process of issuing notices to affected business customers whose data it maintained.
The data breach notification, which was submitted to the Maine Attorney General’s Office, stated that Marquis detected the suspicious network activity and confirmed the ransomware attack on August 14, 2025. Following the discovery, the company promptly launched an investigation with the engagement of cybersecurity experts through legal counsel. Federal law enforcement was also informed. The investigation concluded that an unauthorized third party had accessed Marquis’s network via its SonicWall firewall on that date and may have acquired specific files from the systems. Marquis is now providing this formal notice on behalf of certain current and former business customers whose data was stored by the company.
In the past week, Marquis began the process of sending written notification letters to all affected individuals and officially filed data breach notices with the Attorney General’s Offices in several U.S. states. The sensitive data that was exposed during the breach encompasses personal details such as names, addresses, Social Security numbers, dates of birth, and taxpayer identification numbers. While acknowledging the incident, the company’s notification continued by asserting, “At this time, we have no evidence of the misuse, or attempted misuse, of personal information as a result of this incident.” In response to the breach, Marquis is notifying all affected customers and is offering complimentary credit monitoring and identity theft protection services.
Reference:
