Banking tech data breach exposes 672K in ransomware attack

If you've ever trusted your bank to keep your financial data safe, this incident will hit close to home.

A behind-the-scenes tech company used by banks has revealed that more than 672,000 people had sensitive personal and financial information stolen in a ransomware attack. That includes details that criminals can use to drain accounts, open loans, or impersonate you.

What makes this more concerning is that the company is not a household name, so you likely never knew your data was even there.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by millions who watch CyberGuy on TV daily. Plus, you'll get instant access to my Ultimate Scam Survival Guide free when you join.

HOW TO SAFELY VIEW YOUR BANK AND RETIREMENT ACCOUNTS ONLINE
 

Marquis, a fintech company based in Texas, provides data analytics tools to hundreds of banks. Banks rely on Marquis to study customer behavior and improve services, which means Marquis has access to highly sensitive financial and personal data.

In August 2025, hackers reportedly gained access to Marquis' systems and carried out a ransomware attack. The company now says at least 672,075 people were affected. More than half of them are in Texas, but customers across multiple regions are involved.

The stolen data reportedly includes names, dates of birth, home addresses, bank account details, debit and credit card numbers, and even Social Security numbers. That combination is enough to commit serious identity fraud.

Marquis later filed a lawsuit against its firewall provider, SonicWall, claiming that a security flaw may have allowed attackers to steal critical configuration files. According to the lawsuit, those files gave hackers a roadmap into Marquis' network, which they used to steal data and deploy ransomware.

The lawsuit goes further, alleging that SonicWall failed to properly secure its cloud backup system, which exposed firewall configuration files, encrypted credentials and detailed network architecture tied to customer environments. Marquis claims this level of access effectively gave attackers a blueprint of its defenses. Marquis also alleges that SonicWall knew its cloud backup service had been compromised but did not promptly disclose the full scope of the breach. According to the complaint, the company initially reassured customers that firewall protections were not affected, delaying Marquis' ability to take protective action. The complaint further alleges gross negligence, arguing that SonicWall failed to uphold basic cybersecurity responsibilities expected of a security provider.

CyberGuy reached out to Marquis for comment, and a spokesperson provided the following statement:

"In August 2025, Marquis Marketing Services identified a data security incident and immediately enacted our incident response protocols, including proactively taking affected systems offline to protect our data and our customers' information. We engaged leading third-party cybersecurity experts to conduct a comprehensive investigation and notified law enforcement.

In September 2025, after the data security incident affected our systems, our firewall service provider, an industry-leading cybersecurity company, publicly disclosed that a threat actor had earlier in the year gained unauthorized access to its cloud backup service. Marquis had recently begun using this provider's firewalls to help protect our network. While the provider initially reported that fewer than 5% of customers were affected, it later clarified in October 2025 that firewall configuration data and credentials associated with all customers using the cloud backup service, including Marquis, had been accessed.

We know our customers place great trust in us, and we take that responsibility seriously. Protecting information remains our highest priority, and we continue to enhance our security measures in response to the evolving cyber threat landscape. We are grateful for the cooperation, understanding and support of our employees and customers throughout this process."

We also reached out to SonicWall for comment, but did not hear back before our deadline.

WHY SCAMMERS OPEN BANK ACCOUNTS IN YOUR NAME
 

This attack did not target you directly. Instead, it hit a company that sits in the middle of the banking system. That is what makes it dangerous. Think of it like this: you lock your house, but someone breaks into the security company that manages keys for your entire neighborhood. Suddenly, they can unlock multiple homes without ever touching your door.

In this case, hackers reportedly gained access to firewall configuration files. These are like blueprints that show how a company's defenses are set up. With that information, attackers can find weak spots and slip in without setting off alarms.

Security experts warn that when firewall configuration files and credentials are exposed, attackers can more easily map out a network, identify vulnerabilities and bypass protections that would normally stop an intrusion.

Once inside, they copied sensitive data and likely encrypted systems to demand a ransom. Even if the company restores operations, your data is already out there.

Criminals can use your Social Security number and financial details to open credit cards, take loans, or access your bank accounts. They can also combine your data with other leaks to create convincing scams that look legitimate. You might receive calls, emails, or messages that seem to come from your bank but are actually attempts to steal more information.

If your information was exposed, or even if you're not sure, taking action now can reduce your risk of fraud, identity theft, and unauthorized access to your accounts.

To see if your email was affected, visit Have I Been Pwned at haveibeenpwned.com. It is the first and official source for this newly added dataset. Enter your email address to find out if your information appears in the Synthient leak.  When done, come back here for Step 2.

Start with your most important accounts, such as email, medical and banking. Use strong, unique passwords with letters, numbers, and symbols. Avoid predictable choices like names or birthdays. Never reuse passwords. One stolen password can unlock multiple accounts.  A password manager makes this simple. It stores complex passwords securely and helps you create new ones. Many managers also scan for breaches to see if your current passwords have been exposed. See my review of the Best Password Managers of 2026 at Cyberguy.com.

Check your transactions at least once every few days, not just when your monthly statement arrives. Look for small, unfamiliar charges because criminals often test accounts with tiny transactions before attempting larger withdrawals. Catching this early gives you a better chance of stopping further damage.

If your Social Security number may be exposed, consider placing a fraud alert or freezing your credit. This makes it harder for criminals to open new accounts in your name. A freeze is a stronger protection because lenders must verify your identity before issuing credit.

WHY A CREDIT FREEZE ISN’T THE END OF IDENTITY THEFT
 

Enable two-factor authentication (2FA) whenever possible, especially for banking and email accounts. This adds a second step, like a code sent to your phone, which makes it much harder for someone to access your accounts even if they have your password.

With breaches like this, your information can end up on the dark web without you knowing. If you find your information is out there, take it seriously and consider removing your data where possible or using a data removal service to limit further exposure. Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

With your personal details exposed in the Marquis data breach, scammers can craft messages that feel legitimate. Be cautious of calls or emails claiming to be from your bank asking for verification or urgent action. Always contact your bank directly using official numbers instead of responding to those messages. Also, avoid clicking links you don't recognize. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.

These services monitor your personal information across credit reports, dark web marketplaces, and financial systems. They can alert you quickly if your identity is being misused, giving you a chance to act before serious damage occurs. See my tips and best picks on Best Identity Theft Protection at Cyberguy.com.

Make sure your phone, computer, and apps are up to date with the latest security patches. Install trusted antivirus software to detect malicious activity. While this breach did not happen on your device, attackers often follow up with malware-based scams. 

This breach highlights a growing problem you rarely see. Your data does not just live with your bank. It is shared across a network of third-party companies that you have never heard of, yet they hold enough information to expose your entire financial identity. When one of them fails, the consequences fall on you. The legal battle between Marquis and SonicWall also raises a bigger question about accountability. When cybersecurity providers themselves are accused of exposing sensitive infrastructure and delaying disclosure, it shows how quickly trust can break down across the entire system.

Should companies that handle your financial data face automatic penalties when breaches expose hundreds of thousands of people? Let us know by writing to us at Cyberguy.com.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.

Copyright 2026 CyberGuy.com. All rights reserved.