Marquis says ransomware attack exposed data of 672,075 people after 2025 breach

Marquis, a Texas-based financial services and marketing technology provider, says a 2025 ransomware attack exposed the personal and financial data of 672,075 people. The company disclosed the updated figure in notices sent this week, months after first reporting the breach to state regulators.

The company said attackers compromised its network on August 14, 2025, after exploiting a SonicWall firewall. Marquis provides digital marketing, analytics, compliance, and CRM services to hundreds of banks, credit unions, and mortgage lenders across the U.S., so the incident had a broad downstream effect on financial institutions that relied on its systems.

According to the breach notices, the stolen information included names, dates of birth, addresses, phone numbers, Social Security numbers, taxpayer identification numbers, and some financial account information. Marquis told affected individuals that the incident was limited to its own systems and did not affect customer systems directly.

The case already stood out because of its operational impact. Earlier disclosures tied the attack to outages or disruptions affecting 74 banks across the United States. The new figure gives the clearest picture yet of how large the personal data exposure became.

How Marquis links the breach to SonicWall

Marquis has publicly tied the attack to SonicWall’s MySonicWall cloud backup incident, which SonicWall disclosed on September 17, 2025. At the time, SonicWall said an unauthorized party had accessed firewall configuration backup files for customers using its cloud backup service. In a later update, SonicWall said the investigation confirmed access to backup files for all customers who had used that service.

Those files contained encrypted credentials and configuration data, which SonicWall warned could increase the risk of targeted attacks. Marquis has argued that the exposed backup information made it easier for attackers to compromise its firewall and deploy ransomware weeks earlier, in August 2025.

In February 2026, Marquis sued SonicWall, accusing the security vendor of gross negligence and misrepresentation. The lawsuit says Marquis suffered customer losses, reputational damage, reduced business value, and other financial harm after the ransomware incident. Marquis also said it has been defending more than 36 consumer class action lawsuits tied to the breach.

What happened at a glance

Why this breach matters

This was not a small vendor incident buried in the supply chain. Marquis serves a large number of financial institutions, so one intrusion created consequences across many organizations at once. That makes the attack a reminder that service providers in banking and lending can become high-value targets even when their customers’ own systems remain untouched. This is an inference based on Marquis’ role and the reported impact across dozens of banks.

The SonicWall angle also gives the case extra weight. SonicWall’s October 2025 update expanded the scope of the backup-file incident beyond the earlier narrow framing, and Marquis now claims that exposure set up the later ransomware attack. Courts will decide the liability questions, but the sequence has already made this one of the more closely watched third-party breach disputes in the cybersecurity and financial services sectors.

FAQ