Data breach exposes information of 400,000 bank customers

A major data breach linked to US financial technology company Marquis is spreading across banks, credit unions and their customers. Hackers broke into Marquis systems by exploiting a known but unpatched vulnerability in a SonicWall firewall, gaining access to deeply sensitive consumer data.

It has been confirmed that so far at least 400,000 people are affected in several states. Texas has been the hardest hit with more than 354,000 residents affected. That number is expected to increase as additional non-compliance notices are filed.

Marquis operates as a marketing and compliance provider for financial institutions. The company says it serves more than 700 banks and credit unions nationwide. That role gives Marquis access to centralized pools of customer data, which also makes him a high-value target.

PASSWORD MANAGER FINED AFTER MAJOR DATA BREACH

Sign up to receive my FREE CyberGuy reportGet my best tech tips, urgent security alerts, and exclusive offers delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Guide to Surviving Scams, free when you join me CYBERGUY.COM information sheet.

What information was stolen in the Marquis cyberattack

According to legally required disclosures filed in Texas, Maine, Iowa, Massachusetts and New Hampshire, hackers accessed a wide range of personal and financial data. The stolen information includes customer names, dates of birth, mailing addresses, Social Security numbers, and bank account, debit, and credit card numbers. The breach dates back to August 14, when attackers gained access through the SonicWall firewall vulnerability. Marquis later confirmed that the incident was a ransomware attack.

While Marquis did not publicly name the attackers, the campaign has been widely linked to the Akira ransomware gang. Akira has previously targeted organizations running SonicWall devices during large-scale exploit waves. This was not a routine credentials leak.

We reached out to Marquis for comment and a company spokesperson provided CyberGuy with the following statement:

“In August, Marquis Marketing Services experienced a data security incident. Upon discovery, we immediately implemented our response protocols and proactively took affected systems offline to protect our data and our customers’ information. We engaged leading third-party cybersecurity experts to conduct a thorough investigation and notified authorities.

The incident was quickly contained and our investigation recently concluded. It was determined that an unauthorized third party accessed certain non-public information within our network. However, there is no evidence to indicate that any personal information has been used for identity theft or financial fraud. We have notified potentially affected individuals.

We know our customers place great trust in us, and at Marquis we take that responsibility seriously by making the protection of their information our top priority. “We are very grateful for the cooperation, understanding and support of our employees and customers during this time.”

HOW TO STOP IMPOSTER BANK SCAMS BEFORE THEY DRAIN YOUR WALLET

Why the Marquis data breach creates a long-term identity risk

When a data breach exposes your entire identity, the danger doesn’t go away once the news cycle ends. Unlike a stolen password, this type of information cannot be changed, meaning the risk can persist for a long time.

“With a typical credential breach, you reset your passwords, rotate your tokens, and move on,” Ricardo Amper, CEO and founder of Incode Technologies, a digital identity verification company, tells CyberGuy. “But basic identity data is static. You can’t meaningfully change your date of birth or Social Security number, and once it’s exposed, it can circulate in criminal markets for years. The breach is a moment in time, but the exposure it creates can follow people for the rest of their financial lives.”

This is why identity breaches are so dangerous. Criminals can reuse the same stolen data years later to open new accounts, create fake identities, or run highly targeted scams that seem personal and compelling. Many attackers are now combining this data with artificial intelligence tools to amplify their efforts. As a result, phishing emailsphone calls and even voice imitations They are harder to detect when they reference actual details about your bank or account history.

The most likely scams after identity data theft

When criminals obtain verified identity data, fraud becomes targeted and not opportunistic. “Once criminals obtain rich, verified identity data, fraud becomes less of a guessing game and more of a targeted execution,” Amper said.

The first major threat is account takeover. With enough personal data, attackers can bypass knowledge-based checks, reset passwords, change contact information, and abuse accounts in ways that often appear legitimate. The second risk is new account fraud. This includes credit cards, loans, buy now, pay later services and even new bank accounts. High-quality data helps these applications overcome automated systems and manual reviews.

The fastest growing threat is synthetic identity fraud. Real data, such as a Social Security number, is combined with invented details to create a new identity that matures over time before a major financial crisis.

“These attacks are difficult to detect early because the data presented is accurate and often reused across multiple institutions,” Amper said. “If your defenses can’t reliably distinguish a real human from an AI-generated impersonation, you’re starting every decision from a position of disadvantage,” he added.

Why unpatched firewall flaws pose such a serious threat

Ransomware groups like Akira are increasingly focusing on widely deployed infrastructure to maximize impact. Firewalls sit at the edge of trusted networks. When one is compromised, everything behind becomes accessible. “What we’re seeing with groups like Akira is a focus on maximizing impact by targeting widely used infrastructure. The strategy remains the same: find a single weak point that gives access to many victims at once,” Amper said.

This approach exposes a persistent blind spot in traditional cybersecurity thinking. Many organizations still assume that traffic passing through a firewall is secure. “When the perimeter device itself is the entry point, static defenses and outdated controls simply cannot keep up,” Amper explained.

The time that affected consumers must assume the risk remains high

Identity data does not expire. Social Security numbers and dates of birth remain the same for life. Amper emphasizes that “when basic identity data reaches criminal markets, the risk does not disappear quickly. Fraud networks treat stolen identity data as if it were inventory. They store it, bundle it, resell it and combine it with information from new breaches.”

Warning signs of misuse can be subtle. These include credit inquiries that you did not authorize, account recovery alerts from unknown services, or phone calls that convincingly imitate a bank’s verification process using deepfake voice tools. “The most damaging fraud often begins long after the breach is no longer in the news,” Amper added.

The overlooked impact of identity theft

Financial losses are only part of the damage. Victims often experience a lasting erosion of trust. Amper says, “The most overlooked consequence is the psychological cost of knowing you can no longer trust who is communicating with you. Deepfake spoofing turns every phone call, video message, or urgent request into a potential attack.”

Ways to stay safe after the Marquis data breach

When a breach exposes Social Security numbers, banking information, and dates of birth, the risk doesn’t end with a password reset. These steps focus on protections that reduce long-term identity misuse and help you detect fraud early.

1) Freeze your credit at the main offices

A credit freeze prevents criminals from opening new accounts in your name using stolen identity data. This is critical after the Marquis breach, where entire identity profiles were exposed. A credit freeze does not affect your score and can be temporarily lifted when necessary. Place a free credit freeze with Equifax, experian and TransUnion online or by phone. Each office must be contacted separately. Once frozen, new credit cannot be opened unless you temporarily lift or remove the freeze using a PIN or account login.

2) Place a fraud alert on your credit file

A fraud alert tells lenders to take additional steps to verify your identity before approving credit. Adds protection if you’re not ready to freeze credit everywhere or want an extra layer on top of a freeze. Fraud alerts last for one year and can be renewed. You only need to contact one credit bureau to file a fraud alert. Equifax, Experian, or TransUnion will notify others for you. Fraud alerts are free and last for one year.

3) Enable account and transaction alerts

Activate alerts for withdrawals, purchases, login attempts and password changes on all financial accounts. Real-time alerts can help you detect account takeovers or unauthorized activity before serious damage occurs.

4) Review bank statements and credit reports regularly.

Check account statements and credit reports frequently, even months or years after the violation. Identity data from incidents like this is often later reused to commit delayed fraud. Be on the lookout for unknown accounts, difficult inquiries, or small test charges.

5) Use phishing-resistant two-factor authentication

Text message codes can be intercepted or crafted s ocially. Whenever possible, switch to app-based or hardware-backed two-factor authentication. These options are more difficult for attackers to bypass, even when they know your personal data.

6) Rely on robust device-based biometrics when available

Biometrics linked to your physical device add a layer that criminals cannot easily replicate. Face and fingerprint authentication help block account takeover driven by stolen identity data or AI-powered phishing.

7) Use powerful antivirus software

Reputable antivirus software helps detect malicious links, fake login pages, and follow-on attacks targeting breach victims. This adds protection against phishing and ransomware linked to identity-based scams.

The best way to protect yourself from malicious links that install malware and potentially access your private information is to have powerful antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Get my picks for the best antivirus protection winners of 2025 for your Windows, Mac, Android, and iOS devices at Cyberguy.com.

THIRD-PARTY BREACH EXPOSES CHATGPT ACCOUNT DETAILS

8) Consider a data removal service

Data brokers collect and resell personal information that can be combined with leaked data to drive targeted fraud. A data deletion service reduces the amount of your personal information that is publicly available and reduces your exposure over time.

While no service can guarantee complete removal of your data from the Internet, a data deletion service is truly a smart choice. They are not cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically deleting your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to delete your personal data from the Internet. By limiting the information available, you reduce the risk of scammers cross-referencing leak data with information they can find on the dark web, making it harder for them to target you.

Check out my top picks for data removal services and get a free scan to find out if your personal information is already available on the web by visiting Cyberguy.com.

Get a free scan to find out if your personal information is already available on the web: Cyberguy.com.

9) Add an identity theft protection service

Identity theft services monitor credit files, dark web marketplaces, and account activity for signs that your stolen data is being misused. Many also offer fraud recovery assistance, which can save time and stress when dealing with banks, credit bureaus, and government agencies. This monitoring is especially useful after breaches like Marquis, where identity data can resurface long after the initial incident.

See my tips and best options on how to protect yourself from identity theft at Cyberguy.com.

10) Verify unexpected reach through official channels

Be wary of urgent calls, emails or text messages that refer to real personal or banking details. Scammers are now using accurate breach data to appear legitimate. Hang up and contact your bank directly using the number on your card or on the official website.

11) Block tax and government accounts

Create or protect online accounts with the IRS, Social Security Administration, and state tax agency. Enable strong authentication and monitor for unexpected prompts. Stolen identity data is often used for tax refund fraud or benefit scams long after a breach.

Kurt’s Key Takeaways

The Marquis data breach highlights how dangerous unpatched infrastructure vulnerabilities have become for the financial sector. When a single vendor holds data from hundreds of institutions, the consequences spread quickly. For you, identity protection is no longer a one-size-fits-all answer. It is an ongoing need that can last for years beyond the initial violation.

What questions do you still have about protecting your identity after a major data breach like this? Let us know by writing to us at Cyberguy.com.

CLICK HERE TO DOWNLOAD THE News APP

Sign up to receive my FREE CyberGuy report Get my best tech tips, urgent security alerts, and exclusive offers delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Guide to Surviving Scams, free when you join me CYBERGUY.COM information sheet.

Copyright 2025 CyberGuy.com. All rights reserved.