A major data breach tied to U.S. fintech firm Marquis is rippling through banks, credit unions and their customers. Hackers broke into Marquis systems by exploiting a known but unpatched vulnerability in a SonicWall firewall, gaining access to deeply sensitive consumer data.
At least 400,000 people are confirmed to be affected so far across multiple states. Texas has been hit the hardest with more than 354,000 residents impacted. That number is expected to rise as additional breach notifications are filed.
Marquis operates as a marketing and compliance provider for financial institutions. The company says it serves more than 700 banks and credit unions nationwide. That role gives Marquis access to centralized pools of customer data, which also makes it a high-value target.

What information was stolen in the Marquis cyberattack
According to legally required disclosures filed in Texas, Maine, Iowa, Massachusetts and New Hampshire, hackers accessed a wide range of personal and financial data. Stolen information includes customer names, dates of birth, postal addresses, Social Security numbers and bank account, debit, and credit card numbers. The breach dates back to August 14, when attackers gained access through the SonicWall firewall vulnerability. Marquis later confirmed the incident was a ransomware attack.
While Marquis did not publicly name the attackers, the campaign has been widely linked to the Akira ransomware gang. Akira has previously targeted organizations running SonicWall appliances during large-scale exploitation waves. This was not a routine credential leak.
We reached out to Marquis for comment, and a company spokesperson provided CyberGuy with the following statement:
“In August, Marquis Marketing Services experienced a data security incident. Upon discovery, we immediately enacted our response protocols and proactively took the affected systems offline to protect our data and our customers’ information. We engaged leading third-party cybersecurity experts to conduct a comprehensive investigation and notified law enforcement.
The incident was quickly contained, and our investigation was recently completed. It was determined that an unauthorized third party accessed certain non-public information within our network. However, there is no evidence indicating that any personal information has been used for identity theft or financial fraud. We have notified potentially affected individuals.
We know our customers place great trust in us, and at Marquis, we take that responsibility seriously by making the protection of their information our highest priority. We are extremely appreciative of the cooperation, understanding, and support of our employees and customers during this time.”
Why the Marquis data breach creates long-term identity risk
When a data breach exposes your full identity, the danger does not disappear after the news cycle ends. Unlike a stolen password, this kind of information cannot be changed, which means the risk can stick around for a long time.
“With a typical credential leak, you reset passwords, rotate tokens and move on,” Ricardo Amper, CEO and Founder of Incode Technologies, a digital identity verification company, tells CyberGuy. “But core identity data is static. You cannot meaningfully change your date of birth or SSN, and once those are exposed, they can circulate on criminal markets for years. The breach is a moment in time, but the exposure it creates can follow people for the rest of their financial lives.”
That is why identity breaches are so dangerous. Criminals can reuse the same stolen data years later to open new accounts, build fake identities, or run highly targeted scams that feel personal and convincing. Many attackers now combine this data with AI tools to scale their efforts. As a result, phishing emails, phone calls and even voice impersonations are harder to spot when they reference real details about your bank or account history.
Which banks use Marquis Marketing Services?
While Marquis Marketing Services says it works with more than 700 banks and credit unions, the company has not released a full list of its financial-institution clients. Instead, affected banks are required to disclose vendor breaches individually through state regulators and customer notifications.
So far, multiple community banks and credit unions across Texas, New England and the Midwest have filed breach notices explicitly naming Marquis as the affected third-party vendor. These disclosures confirm that Marquis was used for marketing, compliance or customer communications services, which required access to sensitive consumer data.
Larger national banks have not publicly confirmed involvement as of publication, but that does not mean their customers are unaffected. Vendor-based breaches often surface months later as additional notifications are filed, especially when institutions are still determining whether customer data was accessed.

Watch the latest episode of The CyberGuy Report.
Missed this event? Sign up via the registration form and see our live recording.
See Kurt’s latest Amazon picks for useful gadgets, smart home upgrades and everyday tech worth grabbing while the deals last.
The most likely scams after identity data is stolen
When criminals obtain verified identity data, fraud becomes targeted rather than opportunistic. “Once criminals get their hands on rich, verified identity data, fraud stops being a guessing game and becomes a targeted execution,” Amper said. The first major threat is account takeover. With enough personal details, attackers can bypass knowledge-based checks, reset passwords, change contact information and abuse accounts in ways that often look legitimate. The second risk is new account fraud. This includes credit cards, loans, buy now pay later services and even new bank accounts. High-quality data helps these applications pass automated systems and manual reviews.
The fastest-growing threat is synthetic identity fraud. Real data, like a Social Security number, is blended with fabricated details to create a new identity that matures over time before a large financial bust. “These attacks are hard to catch early because the data being presented is accurate and often reused across multiple institutions,” Amper noted. “If your defenses can’t reliably tell a real human from an AI-generated impersonation, you are starting every decision from a position of disadvantage,” he added.
Why unpatched firewall flaws pose such a serious threat
Ransomware groups like Akira increasingly focus on widely deployed infrastructure to maximize impact. Firewalls sit at the boundary of trusted networks. When one is compromised, everything behind it becomes reachable. “What we’re seeing with groups like Akira is a focus on maximizing impact by targeting widely used infrastructure. The strategy remains the same: find a single weak point that gives access to many downstream victims at once,” Amper said.
This approach exposes a persistent blind spot in traditional cybersecurity thinking. Many organizations still assume traffic passing through a firewall is safe. “When the perimeter device itself is the entry point, static defenses and outdated controls simply can’t keep up,” Amper explained.
How long affected consumers should assume risk remains high
Identity data does not expire. Social Security numbers and birth dates stay the same for life. Amper emphasizes that, “When core identity data reaches criminal markets, the risk does not fade quickly. Fraud rings treat stolen identity data like inventory. They hold it, bundle it, resell it and combine it with information from new breaches.”
Warning signs of misuse can be subtle. These include credit inquiries you did not authorize, account recovery alerts from unfamiliar services or phone calls that convincingly mimic a bank’s verification process using deepfake voice tools. “The most damaging fraud often starts long after the breach is no longer in the news,” Amper added.
The overlooked impact of identity theft
Financial losses are only part of the damage. Victims often experience a lasting erosion of trust. Amper says, “The most overlooked consequence is the psychological toll of knowing that you can no longer trust who is contacting you. Deepfake impersonation turns every phone call, video message or urgent request into a potential attack.”

Ways to stay safe after the Marquis data breach
When a breach exposes Social Security numbers, bank details and birth dates, the risk does not end with a password reset. These steps focus on protections that reduce long-term identity misuse and help you detect fraud early.
1) Freeze your credit with all major bureaus
A credit freeze prevents criminals from opening new accounts in your name using stolen identity data. This is critical after the Marquis breach, where full identity profiles were exposed. Freezing credit does not affect your score and can be lifted temporarily when needed. Place a free credit freeze with Equifax, Experian, and TransUnion online or by phone. Each bureau must be contacted separately. Once frozen, new credit cannot be opened unless you temporarily lift or remove the freeze using a PIN or account login.
2) Place a fraud alert on your credit file
A fraud alert tells lenders to take extra steps to verify your identity before approving credit. It adds protection if you are not ready to freeze credit everywhere or want an extra layer on top of a freeze. Fraud alerts last for one year and can be renewed. You only need to contact one credit bureau to place a fraud alert. Equifax, Experian, or TransUnion will notify the others for you. Fraud alerts are free and last for one year.
3) Enable transaction and account alerts
Turn on alerts for withdrawal, purchase, login attempts and password changes across all financial accounts. Real-time alerts can help you catch account takeovers or unauthorized activity before serious damage occurs.
4) Review bank statements and credit reports regularly
Check statements and credit reports often, even months or years after the breach. Identity data from incidents like this is frequently reused later for delayed fraud. Watch for unfamiliar accounts, hard inquiries, or small test charges.
5) Use phishing-resistant two-factor authentication
Text message codes can be intercepted or socially engineered. Where possible, switch to app-based or hardware-backed two-factor authentication. These options are harder for attackers to bypass, even when they know your personal details.
6) Rely on strong device-based biometrics where available
Biometrics tied to your physical device add a layer that criminals cannot easily replicate. Face and fingerprint authentication help block account takeovers driven by stolen identity data or AI-powered impersonation.
7) Use strong antivirus software
Reputable antivirus software helps detect malicious links, fake login pages and follow-up attacks that target breach victims. This adds protection against phishing and ransomware tied to identity-based scams.
The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.
- Strong real-time protection against viruses, malware, ransomware and hacking attempts
- AI-powered scam protection to help identify suspicious emails, texts and websites
- Built-in password manager to securely store and manage logins
- 2 GB PC cloud backup to help protect important files from ransomware or hardware failure
- Smart firewall and phishing protection
- Protects 1, 3 or 5 devices
- Available for Windows, macOS, Android and iOS
- Includes real-time threat protection, smart firewall and phishing protection to guard against online attacks
8) Consider a data removal service
Data brokers collect and resell personal information that can be combined with breach data to fuel targeted fraud. A data removal service reduces how much of your personal information is publicly available and lowers your exposure over time.
While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.
Incogni, a service I trust 100% and use myself, helps automate the process by submitting removal requests to hundreds of data brokers and people-search sites on your behalf.
Incogni automatically contacts data brokers on your behalf and requests the removal of your personal information. It also continues monitoring those sites and submits new removal requests if your data reappears.
- Incogni currently removes personal data from 420+ data broker and people-search websites, and its Unlimited plan allows you to request removals from as many additional sites as you need.
- Incogni has also received third-party assurance from Deloitte, validating its marketing claims.
- The goal is simple: make it much harder for strangers, scammers, and cybercriminals to find your personal information online.
CyberGuy readers get 60% off Incogni’s annual plans using the links in this article.
The service also includes a 30-day money-back guarantee, so you can try it risk-free and see how much of your information is exposed online.
Is your personal information exposed online?
Run a free scan to see if your personal info is compromised. Results arrive by email in about an hour.
9) Add an identity theft protection service
Identity theft services monitor credit files, dark web markets and account activity for signs that your stolen data is being misused. Many also offer recovery assistance in the event of fraud, which can save time and stress when dealing with banks, credit bureaus, and government agencies. This monitoring is especially useful after breaches like Marquis, where identity data can resurface long after the initial incident.
Exclusive CyberGuy deal: Save up to 68% today: Get Aura’s award-winning identity theft protection and credit monitoring for as low as $9/month when billed annually.
10) Verify unexpected outreach through official channels
Be cautious of urgent calls, emails or texts that reference real banking or personal details. Scammers now use accurate breach data to sound legitimate. Hang up and contact your bank directly using the number on your card or official website.
11) Lock down tax and government accounts
Create or secure online accounts with the IRS, Social Security Administration, and your state tax agency. Enable strong authentication and monitor for unexpected notices. Stolen identity data is often used for tax refund fraud or benefit scams long after a breach.
Related Links:
- What exactly is a data breach and why should I care?
- 10 million Americans hit in government contractor data breach
- The sickening truth: Healthcare data breaches reach all-time high
Kurt’s key takeaways
The Marquis data breach highlights how dangerous unpatched infrastructure vulnerabilities have become for the financial sector. When a single vendor holds data for hundreds of institutions, the fallout spreads quickly. For you, identity protection is no longer a one-time response. It is an ongoing necessity that can last years beyond the initial breach.
What questions do you still have about protecting your identity after a major data breach like this one? Let us know in the comments below.
FOR MORE OF MY TECH TIPS & SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER HERE
Copyright 2025 CyberGuy.com. All rights reserved. CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.

1 comment
Every American citizen who has a bank account, or who owns a computer, should be writing to Congress. They need to be told to get out of the 18th Century and into the 21st and start writing some comprehensive legislation regarding the collection, use, storage, and disposal of all electronic data. The great majority of “leaks” and “hacks” involving personal data don’t directly involve the financial entities used by the People, but involve third-party companies those entities hire and give access to client information. I worked for a bank for years, and we were never successfully hacked because our IT department was that good. We did not contract with outside businesses to handle any sensitive information.