The Weekly Breach Breakdown: Noblesse Oblige – Banks and Consumers Impacted by Marquis Data Breach Rise

Summary

• In January, Marquis Software Solutions began notifying hundreds of thousands of people that their information had been taken during a ransomware attack. According to TechCrunch, the company has access to data belonging to U.S. consumer banking customers, including personal information, financial data and Social Security numbers that were stolen.
• While a company spokesperson declined to provide a number of how many people were impacted by the Marquis data breach to TechCrunch, as of February 4, American Banker reported that at least 80 banks and 824,000 consumers were affected.
• Now, Marquis is sending a letter to customers that says the ransomware operations didn’t breach its systems by exploiting an unpatched SonicWall firewall. Instead, the attackers used information obtained from firewall configuration backup files stolen after gaining unauthorized access to SonicWalls’ MySonicWall online customer portal.
• Regardless of how it happened, follow the advice in the data breach notice if you receive one. Also, freeze your credit (whether you receive a notice or not) and exercise good cyber-hygieneby switching to passkeys when they are available and using 12+ character unique passphrases with multi-factor authentication when they are not.
• To learn about the latest data compromises, consumers and businesses should visit the ITRC’s data breach tracking tool. If you believe you are the victim of identity theft, fraud or a scam, or if you receive a Marquis data breach notice, call or text toll-free at 888.400.5530 or live chat on our website at org.

Full Transcript

Welcome to the Identity Theft Resource Center’s (ITRC) Weekly Breach Breakdown for February 13, 2026. I’m Alex Achten, Vice President of Media Relations for the ITRC. Thanks to Sentilink for supporting the ITRC and this podcast. Each week, we review the latest events and trends in data security and privacy. Today, we will examine the Marquis data breach. We are not referring to a high-ranking hereditary noble in the European peerage. Rather, the software solutions provider.

Last month, Marquis Software Solutions, which enables hundreds of banks and credit unions to visualize their customer data, began notifying hundreds of thousands of people that their information was stolen in a ransomware attack. According to TechCrunch, the company has access to large amounts of data belonging to U.S. consumer banking customers, including personal information, financial data and Social Security numbers that were stolen.

While a company spokesperson declined to provide a number of how many people were impacted by the Marquis data breach to TechCrunch, as of February 4, American Banker reported that 80 banks and 824,000 consumers were affected. These numbers could rise as new data breach notices are submitted to state attorneys general.

Now, Marquis is pointing the finger at the cybersecurity company, SonicWall. According to Bleeping Computer, Marquis is sending a letter to customers that says the ransomware operations didn’t breach its systems by exploiting an unpatched SonicWall firewall, as previously believed. Instead, the attackers used information obtained from firewall configuration backup files stolen after gaining unauthorized access to SonicWalls’ MySonicWall online customer portal.

SonicWall disclosed the security breach mentioned by Marquis on September 17, 2025, when it warned customers to reset their MySonicWall account credentials and said the incident affected only about five (5) percent of its firewall customers using its cloud backup service.

The company also warned that threat actors could extract access credentials and tokens, making it “significantly easier” to compromise affected customers’ firewalls. However, roughly three weeks later, SonicWall issued an update confirming that all customers using its cloud backup service were affected by the September breach.

One month later, it published another update stating that an investigation into the September attack found evidence linking the incident to state-sponsored hackers. Bleeping Computer reports that it contacted SonicWall, but a spokesperson has not yet responded.

The ITRC has had multiple victims contact us who have received a Marquis data breach notice for a deceased spouse. Our data department also continues to monitor the breach closely. We will provide additional details in our monthly newsletter, In the Loop, as we learn more. You can subscribe by visiting our website, idtheftcenter.org, and clicking on “Newsletter” under the “Resources” tab. You can also click here.

To protect yourself from data events like the Marquis data breach, freeze your credit, whether you have received a victim notice or not. It is the single most impactful thing you can do to protect yourself. For more information on how to freeze your credit, visit frozenpii.com, which is powered by the ITRC.

Also, practice good cyber hygiene by switching to passkeys when offered and using a unique 12+ character passphrase for each account when not. When using passphrases, enable multi-factor authentication wherever available to provide an additional layer of security.

If you receive a Marquis data breach notice, take all the actions mentioned above and also follow the advice in the notice. Watch for phishing attempts that claim to be from Marquis.

You can download our 2025 Annual Data Breach Report for a look at all of the data breaches and trends from 2025, as well as additional information on how to protect yourself. Visit the “Reports” section of our website, idtheftcenter.org, or click here.

If you want to know more about how to protect your business or personal information or think you have been the victim of identity theft, fraud or a scam, you can speak with an expert ITRC advisor on the phone, via text message, chat live on the web or exchange emails during our normal business hours (6 a.m.-5 p.m. PT). Just visit idtheftcenter.org to get started.

Thanks again to Sentilink for their support of the ITRC and this podcast. Please hit the like button for this episode and subscribe wherever you listen to your podcasts.

We will return next week with another episode of the Weekly Breach Breakdown. I’m Alex Achten. Until then, thanks for listening.