TL;DR: Marquis, a fintech company providing marketing and compliance services to over 700 banks and credit unions, got hit by the Akira ransomware gang on August 14, 2025. The attackers walked in through an unpatched SonicWall firewall, a vulnerability that was already known. At least 400,000 people are confirmed affected, with Texas taking the hardest hit at 354,000+ residents. The stolen data includes SSNs, bank account numbers, and credit card numbers. That number is expected to climb.

One Unpatched Firewall

On August 14, 2025, the Akira ransomware gang exploited a known vulnerability in Marquis's SonicWall firewall appliance. Not a zero-day. Not some exotic attack chain. A vulnerability that had a patch available [1].

Marquis discovered the breach and took affected systems offline. But by then, the attackers had already grabbed what they came for.

This isn't the first time Akira has used SonicWall as a front door. The group has a documented history of targeting organizations running unpatched SonicWall appliances, exploiting them in large-scale waves [2].

What the Attackers Got

The data haul reads like a financial fraud checklist:

  • Full names and dates of birth
  • Home addresses
  • Social Security numbers
  • Bank account numbers
  • Debit and credit card numbers

This isn't just PII. It's the keys to people's financial lives. With a name, SSN, date of birth, and bank account number, attackers can open new accounts, initiate unauthorized transfers, file fraudulent tax returns, and build synthetic identities.

The Supply Chain Problem

Here's what makes this breach different from your average ransomware hit: most of the 400,000+ affected people have never heard of Marquis.

Marquis operates behind the scenes. They provide marketing, data analytics, and compliance services to over 700 banks and credit unions across the country [3]. Your local credit union probably shares customer data with companies like this for account services and marketing campaigns. You never agreed to that relationship directly. Your bank did.

So when Marquis gets breached, it's not just one company's problem. It ripples through hundreds of financial institutions and their customers.

Texas was hit hardest, with over 354,000 residents affected. The total count is expected to grow as more states process notification filings.

Akira: The Group Behind the Attack

Akira has been one of the most active ransomware operations since its emergence in March 2023. The group runs a classic double-extortion model: encrypt your systems, steal your data, and threaten to publish it if you don't pay.

Their calling card: targeting known vulnerabilities in VPN appliances and network edge devices, especially SonicWall and Cisco products. They don't need to find new bugs. They just wait for organizations that don't patch [4].

In January 2026 alone, Akira claimed responsibility for attacks on Marquis, Paylogix, Hein Electric Supply, Gorlick Kravitz & Listhaus, and Cognesense, part of an ongoing spree across industries.

What You Should Do

If you bank with a community bank or credit union, your data may have been handled by Marquis without your knowledge. Here's how to protect yourself:

  1. Freeze your credit immediately at all three bureaus: Equifax (1-888-298-0045), Experian (1-888-397-3742), and TransUnion (1-800-680-7289). A freeze is free and stops new accounts from being opened.
  2. Monitor your bank statements closely for unauthorized transactions. Set up real-time transaction alerts through your bank's app.
  3. File an IRS Identity Protection PIN at irs.gov to prevent tax return fraud.
  4. Watch for phishing attempts that reference your bank by name. Attackers with this data will craft convincing emails and phone calls pretending to be your financial institution.
  5. Consider new account numbers. If your bank confirms your data was in the Marquis breach, ask about issuing new account and card numbers.
  6. Enable two-factor authentication on all financial accounts, preferably using an authenticator app rather than SMS.

The Patch Problem

A known vulnerability. A patch that existed. A firewall that wasn't updated.

400,000+ people are now dealing with the consequences of someone at Marquis not applying a security update to their SonicWall appliance.

This is the unglamorous reality of most data breaches. It's not nation-state hackers using sophisticated tools. It's ransomware gangs scanning the internet for organizations that haven't patched known holes. And they keep finding them, because companies keep leaving the doors open.

Your bank chose Marquis as a vendor. Marquis chose not to patch their firewall in time. And now your Social Security number and bank account details are in the hands of a ransomware group. You had zero say in any of those decisions.

References

  1. Fox News: Marquis data breach hits 400,000 people via SonicWall vulnerability (January 2026)
  2. BreachSense: Data breaches in January 2026
  3. Morgan & Morgan: The Data Breach Brief: Week of January 19th, 2026
  4. SharkStriker: Top data breaches of January 2026