A major data breach tied to U.S. fintech firm Marquis is rippling through banks, credit unions and their customers. Hackers broke into Marquis systems by exploiting a known but unpatched vulnerability in a SonicWall firewall, gaining access to deeply sensitive consumer data.

At least 400,000 people are confirmed to be affected so far across multiple states. Texas has been hit the hardest with more than 354,000 residents impacted. That number is expected to rise as additional breach notifications are filed.

Marquis operates as a marketing and compliance provider for financial institutions. The company says it serves more than 700 banks and credit unions nationwide. That role gives Marquis access to centralized pools of customer data, which also makes it a high-value target.

PASSWORD MANAGER FINED AFTER MAJOR DATA BREACH

Sign up for my FREE CyberGuy ReportGet my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

A major data breach tied to fintech firm Marquis exposed sensitive banking and identity data for hundreds of thousands of people. (Kurt 'CyberGuy' Knutsson)

What information was stolen in the Marquis cyberattack

According to legally required disclosures filed in Texas, Maine, Iowa, Massachusetts and New Hampshire, hackers accessed a wide range of personal and financial data. Stolen information includes customer names, dates of birth, postal addresses, Social Security numbers and bank account, debit, and credit card numbers. The breach dates back to Aug. 14, when attackers gained access through the SonicWall firewall vulnerability. Marquis later confirmed the incident was a ransomware attack.

While Marquis did not publicly name the attackers, the campaign has been widely linked to the Akira ransomware gang. Akira has previously targeted organizations running SonicWall appliances during large-scale exploitation waves. This was not a routine credential leak.

We reached out to Marquis for comment, and a company spokesperson provided CyberGuy with the following statement:

"In August, Marquis Marketing Services experienced a data security incident. Upon discovery, we immediately enacted our response protocols and proactively took the affected systems offline to protect our data and our customers’ information. We engaged leading third-party cybersecurity experts to conduct a comprehensive investigation and notified law enforcement.

The incident was quickly contained, and our investigation was recently completed. It was determined that an unauthorized third party accessed certain non-public information within our network. However, there is no evidence indicating that any personal information has been used for identity theft or financial fraud. We have notified potentially affected individuals.  

We know our customers place great trust in us, and at Marquis, we take that responsibility seriously by making the protection of their information our highest priority. We are extremely appreciative of the cooperation, understanding, and support of our employees and customers during this time."

HOW TO STOP IMPOSTOR BANK SCAMS BEFORE THEY DRAIN YOUR WALLET 

Why the Marquis data breach creates long-term identity risk

When a data breach exposes your full identity, the danger does not disappear after the news cycle ends. Unlike a stolen password, this kind of information cannot be changed, which means the risk can stick around for a long time.

"With a typical credential leak, you reset passwords, rotate tokens and move on," Ricardo Amper, CEO and Founder of Incode Technologies, a digital identity verification company, tells CyberGuy. "But core identity data is static. You cannot meaningfully change your date of birth or SSN, and once those are exposed, they can circulate on criminal markets for years. The breach is a moment in time, but the exposure it creates can follow people for the rest of their financial lives."

That is why identity breaches are so dangerous. Criminals can reuse the same stolen data years later to open new accounts, build fake identities, or run highly targeted scams that feel personal and convincing. Many attackers now combine this data with AI tools to scale their efforts. As a result, phishing emails, phone calls and even voice impersonations are harder to spot when they reference real details about your bank or account history.

The most likely scams after identity data is stolen

When criminals obtain verified identity data, fraud becomes targeted rather than opportunistic. "Once criminals get their hands on rich, verified identity data, fraud stops being a guessing game and becomes a targeted execution," Amper said. 

The first major threat is account takeover. With enough personal details, attackers can bypass knowledge-based checks, reset passwords, change contact information and abuse accounts in ways that often look legitimate. The second risk is new account fraud. This includes credit cards, loans, buy now pay later services and even new bank accounts. High-quality data helps these applications pass automated systems and manual reviews.

The fastest-growing threat is synthetic identity fraud. Real data, like a Social Security number, is blended with fabricated details to create a new identity that matures over time before a large financial bust. 

"These attacks are hard to catch early because the data being presented is accurate and often reused across multiple institutions," Amper noted. "If your defenses can't reliably tell a real human from an AI-generated impersonation, you are starting every decision from a position of disadvantage," he added.

Why unpatched firewall flaws pose such a serious threat

Ransomware groups like Akira increasingly focus on widely deployed infrastructure to maximize impact. Firewalls sit at the boundary of trusted networks. When one is compromised, everything behind it becomes reachable. "What we're seeing with groups like Akira is a focus on maximizing impact by targeting widely used infrastructure. The strategy remains the same: find a single weak point that gives access to many downstream victims at once," Amper said. 

This approach exposes a persistent blind spot in traditional cybersecurity thinking. Many organizations still assume traffic passing through a firewall is safe. "When the perimeter device itself is the entry point, static defenses and outdated controls simply can't keep up," Amper explained.

Hackers accessed names, Social Security numbers and bank details by exploiting an unpatched firewall vulnerability.  (Kurt "CyberGuy" Knutsson)

How long affected consumers should assume risk remains high

Identity data does not expire. Social Security numbers and birthdates stay the same for life. Amper emphasizes that, "When core identity data reaches criminal markets, the risk does not fade quickly. Fraud rings treat stolen identity data like inventory. They hold it, bundle it, resell it and combine it with information from new breaches." 

Warning signs of misuse can be subtle. These include credit inquiries you did not authorize, account recovery alerts from unfamiliar services or phone calls that convincingly mimic a bank's verification process using deepfake voice tools. "The most damaging fraud often starts long after the breach is no longer in the news," Amper added.

The overlooked impact of identity theft

Financial losses are only part of the damage. Victims often experience a lasting erosion of trust. Amper says, "The most overlooked consequence is the psychological toll of knowing that you can no longer trust who is contacting you. Deepfake impersonation turns every phone call, video message or urgent request into a potential attack."

Ways to stay safe after the Marquis data breach

When a breach exposes Social Security numbers, bank details and birthdates, the risk does not end with a password reset. These steps focus on protections that reduce long-term identity misuse and help you detect fraud early.

1) Freeze your credit with all major bureaus

A credit freeze prevents criminals from opening new accounts in your name using stolen identity data. This is critical after the Marquis breach, where full identity profiles were exposed. Freezing credit does not affect your score and can be lifted temporarily when needed. Place a free credit freeze with Equifax, Experian and TransUnion online or by phone. Each bureau must be contacted separately. Once frozen, new credit cannot be opened unless you temporarily lift or remove the freeze using a PIN or account login.

2) Place a fraud alert on your credit file

A fraud alert tells lenders to take extra steps to verify your identity before approving credit. It adds protection if you are not ready to freeze credit everywhere or want an extra layer on top of a freeze. Fraud alerts last for one year and can be renewed. You only need to contact one credit bureau to place a fraud alert. Equifax, Experian or TransUnion will notify the others for you. Fraud alerts are free and last for one year.

3) Enable transaction and account alerts

Turn on alerts for withdrawal, purchase, login attempts and password changes across all financial accounts. Real-time alerts can help you catch account takeovers or unauthorized activity before serious damage occurs.

4) Review bank statements and credit reports regularly

Check statements and credit reports often, even months or years after the breach. Identity data from incidents like this is frequently reused later for delayed fraud. Watch for unfamiliar accounts, hard inquiries or small test charges.

5) Use phishing-resistant two-factor authentication

Text message codes can be intercepted or socially engineered. Where possible, switch to app-based or hardware-backed two-factor authentication. These options are harder for attackers to bypass, even when they know your personal details.

6) Rely on strong device-based biometrics where available

Biometrics tied to your physical device add a layer that criminals cannot easily replicate. Face and fingerprint authentication help block account takeovers driven by stolen identity data or AI-powered impersonation.

7) Use strong antivirus software

Reputable antivirus software helps detect malicious links, fake login pages and follow-up attacks that target breach victims. This adds protection against phishing and ransomware tied to identity-based scams.

The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com.

THIRD-PARTY BREACH EXPOSES CHATGPT ACCOUNT DETAILS

8) Consider a data removal service

Data brokers collect and resell personal information that can be combined with breach data to fuel targeted fraud. A data removal service reduces how much of your personal information is publicly available and lowers your exposure over time.

While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren't cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It's what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

Experts warn this type of identity exposure can fuel fraud and scams for years after the breach is discovered. (Kurt ‘CyberGuy’ Knutsson)

Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.

9) Add an identity theft protection service

Identity theft services monitor credit files, dark web markets and account activity for signs that your stolen data is being misused. Many also offer recovery assistance in the event of fraud, which can save time and stress when dealing with banks, credit bureaus and government agencies. This monitoring is especially useful after breaches like Marquis, where identity data can resurface long after the initial incident.

See my tips and best picks on how to protect yourself from identity theft at Cyberguy.com.

10) Verify unexpected outreach through official channels

Be cautious of urgent calls, emails or texts that reference real banking or personal details. Scammers now use accurate breach data to sound legitimate. Hang up and contact your bank directly using the number on your card or official website.

11) Lock down tax and government accounts

Create or secure online accounts with the IRS, Social Security Administration and your state tax agency. Enable strong authentication and monitor for unexpected notices. Stolen identity data is often used for tax refund fraud or benefit scams long after a breach.

Kurt's key takeaways 

The Marquis data breach highlights how dangerous unpatched infrastructure vulnerabilities have become for the financial sector. When a single vendor holds data for hundreds of institutions, the fallout spreads quickly. For you, identity protection is no longer a one-time response. It is an ongoing necessity that can last years beyond the initial breach.

What questions do you still have about protecting your identity after a major data breach like this one? Let us know by writing to us at Cyberguy.com.

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Sign up for my FREE CyberGuy Report Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

Copyright 2025 CyberGuy.com.  All rights reserved.