Fintech company Marquis is notifying dozens of banks and credit unions in the US that consumer data was stolen in an August ransomware attack.
The Texas-based company, a marketing and compliance provider that allows banks and other financial institutions to collect and visualise their customer data in one place, began filing legally required notices in multiple US states this week regarding the 14 August breach.
It has more than 700 banking and credit union customers, according to its website, and stores large amounts of data on consumer banking customers across the US.
Financial data stolen
In disclosures filed in Iowa, Maine, Massachusetts, New Hampshire and Texas, it has so far confirmed that more than 400,000 people are affected by the breach, but the figure is expected to rise as it files more disclosures.
Thus far the majority of the customers affected are in Texas, with at least 354,000 people, according to Marquis’ filing for that state.
In Maine, it said customers with the Maine State Credit Union accounted for the largest number of its breach notifications, which it said amounted to one in nine of the people known to be affected in the state.
The data stolen included customer names, dates of birth, postal addresses, and financial information such as bank account and debit and credit card numbers, in addition to social security numbers, Marquis said.
SonicWall breach
Marquis said the ransomware attack occurred after hackers exploited a previously unknown, or zero-day, flaw in its SonicWall firewall.
Marquis did not indicate who it thought the attackers were, but security researchers have said the Akira ransomware gang was behind a campaign of attacks on fully patched SonicWall security products at the time.


