Key Points
- A ransomware attack hit Marquis in August. The breach exposed the personal data of customers from various U.S. banks and credit unions.
- Highly sensitive information, like Social Security numbers and financial details, was accessed.
- Hackers got in by exploiting a vulnerability in the company’s firewall.
- Marquis is now notifying the affected financial institutions, but says it has found no misuse of the data yet.
A marketing firm that works with U.S. banks and credit unions is now warning that a ransomware attack in August exposed sensitive customer data. The company, a Texas-based firm named Marquis, helps financial institutions with their digital and physical marketing.
According to a filing with Maine’s attorney general, hackers broke into Marquis’ systems on August 14 by exploiting a firewall vulnerability. After detecting suspicious activity on its network, an investigation confirmed that the company had been the victim of a ransomware attack.
The investigation revealed that the attackers accessed files containing a trove of personal information. The exposed data could include names, addresses, phone numbers, dates of birth, Social Security numbers, taxpayer identification numbers, and even some financial account information.
Marquis is now sending notifications on behalf of the banks and credit unions it works with, notifying their customers about the breach. The company is responsible for the data of both current and former clients of these financial institutions.
While the company stated that it has not yet found any evidence that the stolen information has been misused, the breach leaves affected customers vulnerable to identity theft and fraud.
