70 plus U.S. banks hit by massive ransomware breach

Dozens of U.S. banks and credit unions hit hard

More than 70 U.S. banks and credit unions were impacted by a massive ransomware attack tied to fintech firm Marquis Software Solutions.

The breach exposed sensitive data belonging to at least 400,000 customers across the country, and newer disclosures suggest the total number of affected individuals may exceed 780,000.

The incident has triggered filings with multiple state attorney general offices and raised new alarms about third-party cybersecurity risks inside the U.S. financial system.

Hundreds of thousands affected

Regulatory filings show over 400,000 customers at 74 banks and credit unions were hit in a cyberattack tied to Marquis Software Solutions, and reports suggest the nationwide impact may be higher.

The scale of exposure makes it one of the largest recent breaches tied to a single financial technology provider in the United States. Incidents like this underscore the growing risks in fintech, where centralized platforms can create widespread vulnerability if security measures fail.

How the attack began

The attack took place on August 14, 2025, when hackers broke into Marquis Software Solutions through a vulnerability in its SonicWall firewall system, according to breach notification filings.

The flaw allowed attackers to silently access internal systems and extract sensitive customer data without immediate detection. Because the breach went unnoticed for some time, the hackers were able to gather a significant amount of information.

Sensitive data was stolen

The stolen files contained extremely sensitive personal information tied to bank customers, according to state breach notifications obtained by regulators.

Exposed data reportedly included names, addresses, phone numbers, Social Security numbers, Taxpayer Identification Numbers, financial account information, and dates of birth.

The breadth of the information underscores the severity of the breach and the potential risks for affected individuals.

Ransom payment allegations surface

A notification from Community 1st Credit Union claimed that Marquis paid a ransom shortly after the August breach to prevent the stolen data from being leaked.

The statement was later removed, and Marquis has not publicly confirmed or denied whether a ransom payment actually occurred. This lack of clarity has left customers and regulators uncertain about the company’s response and the potential use of the stolen data.

Data has not leaked

At the time of reporting, no hacker group had publicly claimed responsibility for the attack, and none of the stolen data had appeared on leak sites. This absence of public disclosure has provided some relief to customers and financial institutions while authorities continue their inquiries.

This has led to cautious optimism among affected institutions, though investigations into the breach are still ongoing.

Free protection for victims

Marquis confirmed that it is offering free identity theft protection and credit monitoring services through Epiq Privacy Solutions ID to all affected customers across the nation.

The move aims to reduce long-term financial harm and damage for customers whose most sensitive personal data may now be at risk of misuse or fraud.

States receive breach notices

Earlier this week, Marquis filed breach notifications with attorney general offices in several states, including Maine, Iowa, and Texas, ensuring that regulators were officially informed of the incident.

The filings were part of the company’s legal obligations to notify regulators and affected customers of the data exposure, allowing authorities to monitor the situation and guide steps for protection and remediation.

SonicWall flaw exploited

The hack was traced to a known vulnerability in SonicWall SSL VPN devices, tracked as CVE-2024-40766, an improper access control flaw that attackers can use to gain unauthorized network access.

SonicWall issued a fix months earlier, but the breach suggests the patch may not have been applied before the attack occurred. This oversight underscores ongoing challenges in cybersecurity, where delayed updates can leave critical systems exposed to sophisticated threats.

Akira links raise concerns

Security researchers have previously linked the Akira ransomware group to similar attacks using SonicWall flaws to deploy encryptors and steal files.

While no group has formally claimed this breach, the technique matches methods previously associated with Akira operations, suggesting that the perpetrators may have drawn on known tactics to infiltrate Marquis Software Solutions’ systems.

Banks face growing exposure

The breach highlights how banks remain vulnerable through technology vendors that store and process sensitive customer information behind the scenes, showing that security risks extend beyond the institutions themselves.

Even when banks maintain strong internal security, weak points at vendors like software providers can still expose millions of financial records, putting customers’ personal and financial data at significant risk.

What this breach shows

This incident shows how quickly a single firewall flaw can ripple across the U.S. banking system through shared software platforms, affecting hundreds of thousands of customers in just a short period.

It also reinforces the growing danger ransomware poses to financial infrastructure that depends on interconnected digital systems, highlighting the urgent need for stronger cybersecurity measures and rapid response strategies across the industry.

Data theft risks keep rising, with 1.6 million affected in a massive insurance data breach; the threat feels closer than ever.

A warning for the industry

The Marquis breach serves as a warning to banks and fintech firms about the urgency of patching known vulnerabilities before attackers move in, showing how quickly a single security gap can compromise vast amounts of sensitive data.

The incident highlights the importance of regular system updates, proactive monitoring, and coordination with vendors to prevent similar breaches that could threaten both customers and institutional trust.

Are your Google accounts really secure? Explore 9 Google security settings that could save you from a data breach.

What do you think about this massive bank data breach? Share your thoughts in the comments.

Read More From This Brand:

• SpyX data breach exposes 2 million users
• Ukrainian cyberattack destroys Russian drone firm’s data and infrastructure
• Nintendo reportedly hacked as a cyber group claims a major data breach

Don’t forget to follow us for more exclusive content right here on MSN.

If you like this story, you’ll LOVE our Free email newsletter. Join today and be the first to receive stories like these.

This slideshow was made with AI assistance and human editing.