March 18, 2026 — Financial technology firm Marquis has disclosed that a ransomware attack last year compromised the personal and sensitive financial data of more than 672,000 individuals. The Plano, Texas-based company, which provides data analysis services to hundreds of banks, filed the data breach notification with Maine’s attorney general’s office.
Scope of the Compromised Data
The breach, which occurred in August 2025, allowed hackers to access a trove of sensitive customer information. According to the filing, stolen data includes names, dates of birth, and postal addresses. The hackers also obtained financial details such as bank account numbers, debit card numbers, and credit card numbers.
Marquis confirmed that Social Security numbers were also taken in the attack. More than half of the affected individuals reside in Texas, according to a separate notification filed with that state.
Legal Action Against Security Provider
In February 2026, Marquis filed a lawsuit against its firewall provider, SonicWall. The fintech company alleges security failures by SonicWall enabled hackers to steal critical information about its firewalls. This information was then used to compromise Marquis’s network, deploy ransomware, and exfiltrate customer data.
The lawsuit claims SonicWall created a vulnerability that allowed attackers to steal firewall configuration backup files, including those belonging to Marquis. This legal action underscores the complex chain of responsibility in modern cybersecurity incidents, where third-party vendors can become critical points of failure.
Industry Impact and Response
The breach highlights persistent vulnerabilities within the financial technology sector, where companies handle vast amounts of sensitive data on behalf of banking clients. Marquis provides data visualization and analytics services, meaning the compromised information originated from its banking partners’ customers.
Cybersecurity experts note that attacks targeting financial data intermediaries can have a cascading effect, impacting multiple institutions through a single point of entry. The theft of Social Security numbers is particularly severe, as this information can be used for long-term identity theft and fraud.
Marquis has begun notifying the affected individuals. The company did not provide immediate comment when contacted by TechCrunch regarding the breach disclosure. Standard practice following such notifications includes offering credit monitoring and identity theft protection services to victims.
Regulatory and Security Context
Data breach notifications filed with state attorneys general provide the public with the most complete picture of an incident’s scale. The Maine filing represents the first detailed public accounting of the number of people affected by the Marquis ransomware attack.
Ransomware attacks continue to pose a significant threat to businesses across all sectors. These incidents typically involve hackers encrypting a victim’s data and demanding payment for its release, often while also stealing sensitive information to extort the victim further.
The financial and regulatory consequences for companies that experience such breaches can be substantial. They often face regulatory scrutiny, potential fines, and civil litigation from affected consumers.
What Comes Next
Affected individuals should monitor communications from Marquis and their financial institutions for official notification and guidance. They are advised to review account statements for unauthorized activity, consider placing fraud alerts on their credit reports, and remain vigilant against phishing attempts that may use the stolen personal data.
The lawsuit against SonicWall will proceed in court, potentially setting precedents for vendor liability in cybersecurity incidents. Meanwhile, the broader fintech industry is likely to re-examine security protocols for third-party integrations and data handling practices in light of this significant breach.
This article was produced with AI assistance and reviewed by our editorial team for accuracy and quality.
