Marquis Software Ransomware Attack Impacts Financial Institutions, Artisans’ Bank and VeraBank Confirm Data Exposure
Published
Key Takeaways
- Supply Chain Vulnerability: A ransomware attack on third-party vendor Marquis Software compromised dozens of financial institutions and thousands of customers.
- Widespread Data Exposure: The breach exposed PII, including SSNs and financial account details.
- Breach Confirmed: Artisans' Bank and VeraBank filings revealed that data from roughly 70,000 customers was impacted.
Two additional U.S. banks have confirmed their involvement in a significant Marquis Software ransomware attack that occurred in August. Artisans' Bank and VeraBank recently notified regulators that customer data was compromised due to a security incident at their third-party vendor, which provides data analytics and compliance solutions to hundreds of banks and credit unions.
Marquis suffered a ransomware attack around August 14, 2025. While the banks' own internal systems remained secure, the attackers successfully exfiltrated data maintained on the vendor's infrastructure.
Technical Analysis of Customer Data Exposure
Specific filings indicate that 37,318 individuals associated with VeraBank and 32,344 individuals associated with Artisans' Bank were affected. The total number of victims across all affected client institutions is estimated to range from 788,000 to 1.35 million.
VeraBank said it discovered the data breach on August 14, while Artisans’ said the breach was noticed on November 4, and both started notifying customers on December 23. The first offered 24 months of TransUnion credit monitoring, including Cyberscout fraud assistance, and the latter 12 months of IDX credit monitoring.
Forensic investigations determined that threat actors exploited a vulnerability in a SonicWall firewall to gain unauthorized access to Marquis Software's network, resulting in the exfiltration of sensitive datasets used for customer communication and analysis:
- names,
- addresses,
- phone numbers,
- dates of birth,
- Social Security numbers,
- financial account information.
Broader Implications for Banking Security
This incident serves as a stark reminder of the cascading effects of a cyberattack on a financial institution. Although no ransomware group has publicly claimed responsibility, reports suggest that a ransom may have been paid to prevent the leak of stolen data.
To date, Marquis Software has notified at least 74 entities of the breach. Regulatory filings in multiple states, including Maine and Washington, confirm the extensive reach of this customer data exposure.
Financial organizations are advised to rigorously vet third-party vendors' cybersecurity postures, particularly regarding patch management for critical infrastructure like firewalls, to mitigate similar supply chain vulnerabilities.
This month, a La Poste DDoS attack disrupted French postal and banking services before the Holidays. In November, a SitusAMC cyberattack exposed client data of major banks.
Related
Get expert insights on threats, breaches, scams, and security trends — delivered every Saturday.
Most Popular
Get expert insights on threats, breaches, scams, and security trends — delivered every Saturday.
Most Popular