Marquis Software Data Breach

A cybersecurity incident at Marquis Software Solutions last year compromised the personal and financial information of more than 800,000 credit union and bank customers across the United States. The August 2025 ransomware attack on this Texas-based financial technology vendor has created a crisis affecting at least 80 financial institutions that entrusted their customers’ most sensitive data to the company. Contact our data breach lawyers to investigate your claim. 

How the Breach Occurred

On August 14, 2025, Marquis Software Solutions—a provider of marketing and compliance software to over 700 banks and credit unions—discovered cybercriminals had infiltrated its network through a SonicWall firewall vulnerability. The attackers executed a ransomware attack, stealing customer data files before encrypting systems.

This third-party vendor breach is particularly dangerous because when Marquis was compromised, customer information from dozens of financial institutions was exposed simultaneously—a growing supply chain threat as companies increasingly rely on outside vendors for sensitive data processing.

What Information Was Stolen?

State attorney general filings reveal the breach exposed comprehensive personal and financial details, including full names, addresses, Social Security numbers, Taxpayer Identification Numbers, dates of birth, phone numbers, and financial account information. This combination provides cybercriminals with everything needed for identity theft, fraudulent account openings, tax fraud, and sophisticated phishing campaigns. The following banks and credit unions have been publicly identified as affected by the breach:

Banks

1. Artisans’ Bank
2. BayFirst National Bank
3. C&N Bank
4. Cape Cod Five
5. Capital City Bank Group
6. Community Bancshares of Mississippi, Inc.
7. Fidelity Cooperative Bank
8. First Northern Bank of Dixon
9. Gateway First Bank
10. IBERIABANK
11. Jonestown Bank & Trust Co.
12. New Peoples Bank
13. Newburyport Five Cents Savings Bank
14. Norway Savings Bank
15. Pentucket Bank
16. QNB Bank
17. Seneca Savings
18. StonehamBank Cooperative
19. Thomaston Savings Bank
20. Time Bank
21. TowneBank
22. Ulster Savings Bank
23. VeraBank

Credit Unions

24. 1st Northern California Credit Union
25. Abbott Laboratories Employees Credit Union
26. Advantage Federal Credit Union
27. Agriculture Federal Credit Union
28. Alltrust Credit Union
29. Bellwether Community Credit Union
30. Blaze Credit Union
31. Central Virginia Federal Credit Union
32. Clark County Credit Union
33. Community 1st Credit Union
34. Cornerstone Community Financial Credit Union
35. CoVantage Credit Union
36. CPM Federal Credit Union
37. CSE Federal Credit Union
38. CU Hawaii Federal Credit Union
39. Discovery Federal Credit Union
40. Earthmover Credit Union
41. Educators Credit Union
42. Energy Capital Credit Union
43. First Community Credit Union
44. Florida Credit Union
45. Fort Community Credit Union
46. Founders Federal Credit Union
47. Freedom of Maryland Federal Credit Union
48. Generations Federal Credit Union
49. Gesa Credit Union
50. Glendale Federal Credit Union
51. Hope Federal Credit Union
52. Industrial Federal Credit Union
53. Interior Federal Credit Union
54. Interra Credit Union
55. Kemba Financial Credit Union
56. Liberty First Credit Union
57. Maine State Credit Union
58. Market USA FCU
59. MemberSource Credit Union
60. Michigan First Credit Union
61. MACU
62. MIT Federal Credit Union
63. New Orleans Firemen’s Federal Credit Union
64. NIH Federal Credit Union
65. Pasadena Federal Credit Union
66. Pathways Financial Credit Union
67. Peake Federal Credit Union
68. Pelican Credit Union
69. PFCU Credit Union
70. Security Credit Union
71. ServU Credit Union
72. Suncoast Credit Union
73. Texoma Community Credit Union
74. University Credit Union
75. Valley Strong Credit Union
76. Westerra Credit Union
77. Whitefish Credit Union
78. Zing Credit Union

The Four-Month Delay

Marquis didn’t notify affected financial institutions until late October—over two months after the August 14 breach. Individual consumers received notification letters in early December, nearly four months post-compromise.

This delay likely violates federal and state data breach laws requiring notification “without unreasonable delay.” The extended timeline prevented victims from taking timely protective action when stolen data is most vulnerable to exploitation, potentially exposing Marquis to regulatory penalties and civil liability.

Nationwide Impact

The breach affected consumers across multiple states: Texas (354,000 individuals), Washington (269,773), Massachusetts (280,375), and significant numbers in South Carolina, Maine, and New Hampshire. Affected institutions include CoVantage Credit Union (160,000 members), Maine State Credit Union (38,334), and Norway Savings Bank (51,000). With Marquis serving over 700 financial institutions, the final victim count continues rising.

Your Legal Rights

If you received a breach notification, you may be entitled to compensation for time and expenses addressing the breach, out-of-pocket losses from identity theft, loss of privacy, diminished value of personal information, emotional distress, and statutory damages.

We are investigating a class action lawsuit against Marquis. Class actions allow affected individuals to combine claims, making it feasible to hold companies accountable. A successful lawsuit could provide monetary compensation while forcing stronger security practices.

Protect Your Rights: Contact The Lyon Firm

If you received a data breach notification from Marquis Software Solutions or your financial institution, you may be entitled to significant compensation. The experienced data breach attorneys at The Lyon Firm are investigating claims on behalf of affected individuals and can help you understand your legal options at no cost.

Time limits apply to data breach claims—contact us today for a free, confidential consultation.