Marquis Solutions Software Data Breach Affects Bank and Credit Union Customers Nationwide Featured
Over 400,000 Bank and Credit Union Customers May Be Affected
Marquis Software Solutions, Inc. (“Marquis”), a Texas-based financial services software provider, has disclosed a significant data breach resulting from a ransomware attack that may have exposed sensitive personal and financial information belonging to customers of dozens of U.S. banks and credit unions.
According to regulatory filings and breach notifications, the incident has impacted more than 400,000 individuals nationwide, making it one of the most far-reaching third-party financial data breaches reported in 2025.
What Happened?
Marquis Software Solutions discovered suspicious activity on its network on August 14, 2025. Following an internal investigation, the company determined that unauthorized actors gained access to its systems through a vulnerability associated with a SonicWall firewall used for remote access.
During the attack, the intruders allegedly copied certain files from Marquis’s systems, including files containing personal information that Marquis had received from its banking and credit union clients. Public reporting indicates the incident involved a ransomware attack, and at least one affected institution reported that a ransom was paid in an apparent effort to prevent the stolen data from being leaked.
Marquis has since begun notifying affected individuals on behalf of its financial institution clients and has reported the breach to multiple state Attorneys General.
What Information was Exposed?
Based on breach notifications filed with state regulators, the personal information potentially compromised includes:
- Full names
- Home addresses
- Phone numbers
- Dates of birth
- Social Security numbers
- Taxpayer Identification Numbers (TINs)
- Financial account information (without access codes)
The exact data elements exposed may vary depending on the bank or credit union involved.
Who is Affected?
The breach impacts customers of at least 70+ banks and credit unions across the United States that used Marquis Software Solutions for data analytics, marketing, CRM, or compliance services.
Affected institutions reportedly include (among others):
- 1st Northern California Credit Union
- BayFirst National Bank
- Bellwether Community Credit Union
- Cape Cod Five
- Community 1st Credit Union
- Florida Credit Union
- Gateway First Bank
- Gesa Credit Union
- Maine State Credit Union
- Michigan First Credit Union
- Suncoast Credit Union
- TowneBank
- Ulster Savings Bank
- Valley Strong Credit Union
- Westerra Credit Union
- Zing Credit Union
Marquis has stated there is currently no evidence that the stolen data has been misused, but cybersecurity experts warn that stolen personal and financial data often surfaces months or years later in fraud schemes, identity theft, or dark-web marketplaces.
Why This Breach Is Especially Concerning
This incident highlights the growing risk of third-party data breaches in the financial sector. Even when banks and credit unions maintain strong internal security, customer data may still be exposed through vendors that have access to regulated financial information.
Financial institutions affected by this breach have been forced to:
- Notify customers
- Investigate downstream risks
- Monitor for fraud and identity theft
- Address potential regulatory and reputational consequences
For individuals, exposure of Social Security numbers and financial identifiers can lead to long-term identity theft risks, including fraudulent loans, tax fraud, and unauthorized account activity.
What Is Marquis Doing in Response?
Marquis reports that it has taken steps to strengthen its cybersecurity posture, including:
- Patching and updating firewall devices
- Rotating credentials and disabling unused accounts
- Enabling multi-factor authentication (MFA)
- Increasing logging and monitoring
- Implementing VPN lockout and geo-filtering controls
Affected individuals are also being offered complimentary credit monitoring services through breach notification letters.
What Should You Do If You Received a Marquis Breach Notice?
If you received a data breach notification letter from Marquis Software Solutions or from your bank or credit union referencing this incident, you may be entitled to legal rights and remedies, including compensation for time spent monitoring accounts, out-of-pocket losses, and increased risk of identity theft.
Data breach cases involving sensitive financial and Social Security information often raise questions about whether reasonable security measures were in place and whether affected individuals are entitled to damages.
Contact a Data Breach Lawyer
If you were impacted by the Marquis Software Solutions data breach, we would like to speak with you about your legal options.
Please complete the form on this page. A data breach attorney will review your situation and contact you directly to discuss your rights and potential next steps. There is no cost or obligation to you.