Marquis, a company that provides software and marketing tools to hundreds of banks and credit unions, was hacked in August 2025 through a security device called a SonicWall firewall. The attackers used this break-in to steal files from Marquis’ network. Marquis, works with more than 700 banks and credit unions in the U.S.
Marquis stores a lot of customer information for these banks, so when the company was hacked, many bank customers’ personal data was stolen.— things like names, addresses, phone numbers, Social Security numbers, dates of birth, and some financial account information.
So far, at least 400,000 people are confirmed affected, and that number will probably grow. Texas is the hardest hit, with more than 354,000 people impacted. Marquis is now notifying states and sending letters on behalf of individual banks and credit unions. The total number of impacted people varies by state and institution.
How did the hackers get in?
The hackers broke in through a SonicWall VPN, which is a system employees use to log in to work from home.
A cybercriminal group called Akira used a security flaw in SonicWall that let them:
-
Steal people’s usernames and passwords
-
Steal the secret codes used to make MFA login codes
Even though SonicWall fixed the flaw, many companies didn’t reset all the stolen login information. Because of that, the hackers could still log in using the old stolen details.
What did the criminals do once inside?
Once logged in through the compromised VPN, Akira typically:
-
Explores the internal network
-
Identifies important or sensitive systems
-
Gains higher-level access (admin privileges)
-
Steals sensitive data
-
Finally deploys ransomware to lock and encrypt systems
How is Marquis trying to fix things now?
According to filings from one credit union (CoVantage), Marquis strengthened security by:
-
Updating and patching firewalls
-
Changing passwords
-
Removing old or unused accounts
-
Ensuring multi-factor authentication is turned on
-
Keeping more detailed logs
-
Blocking accounts after too many failed login attempts
-
Limiting which countries can connect
-
Blocking connections to known malicious servers
Marquis hasn’t said which hacker group is responsible, but the gang, Akira was known for attacking SonicWall users around that time. The company also hasn’t said how many people in total were affected or whether the hackers demanded — or received — a ransom payment.