Bank Software Vendor Marquis Exposes 672K Customers' PII in August Data Breach
What Happened — In August, attackers infiltrated Marquis Software’s systems and copied files containing personal and financial data of 672,075 individuals. The breach was discovered on August 14, reported to law enforcement, and later confirmed through multiple state breach registries.
Why It Matters for TPRM —
- Sensitive PII (SSNs, TINs, DOB, account details) from banking customers was exfiltrated, raising identity‑theft and fraud risk.
- The vendor serves over 70 financial institutions, so a breach can cascade to downstream partners and affect third‑party risk assessments.
- Potential ransom payment hints at extortion tactics that may recur against similar SaaS providers.
Who Is Affected — Banks, credit unions, and other financial institutions using Marquis’s customer‑relationship software; their customers whose data was stored on the platform.
Recommended Actions —
- Review contracts and security clauses with Marquis Software or any similar banking SaaS providers.
- Verify that affected institutions have performed forensic reviews and updated access controls.
- Require evidence of post‑breach remediation (e.g., enhanced encryption, MFA, monitoring).
Technical Notes — Attack vector not publicly disclosed; hackers copied files from the vendor’s environment, suggesting possible credential compromise or insider access. No ransomware gang claimed responsibility, though a ransom payment was reportedly made. Exfiltrated data includes names, addresses, phone numbers, Social Security Numbers, Taxpayer Identification Numbers, dates of birth, and financial account information.
Source: The Record