Marquis Financial Services Ransomware Attack Details
Marquis, a Texas-based financial services provider, disclosed on March 18, 2026, that cybercriminals executed a sophisticated ransomware attack in August 2025 that compromised the personal data of more than 670,000 individuals. The attack simultaneously disrupted operations at 74 banks across the United States that relied on Marquis's financial technology services.
The ransomware incident represents one of the largest financial sector breaches disclosed in 2026, highlighting the cascading impact that attacks on third-party service providers can have across the banking industry. Marquis provides core banking technology services, payment processing, and financial data management to community banks and credit unions throughout the United States.
According to the company's breach notification, the attackers gained unauthorized access to Marquis's network infrastructure and deployed ransomware that encrypted critical systems while simultaneously exfiltrating sensitive customer data. The attack forced Marquis to take several core systems offline, creating operational disruptions that rippled through its client bank network for several days in August 2025.
The seven-month delay between the attack and public disclosure raises questions about notification timelines in the financial services sector. Industry experts note that financial institutions often face complex regulatory requirements when disclosing breaches that affect multiple banking partners, which can extend investigation and notification periods beyond typical consumer breach disclosure windows.
Related: Ericsson US Hit by Data Breach Through Service Provider
Related: Loblaw Logs Out All Users After Security Incident
Related: Starbucks Data Breach Exposes Employee Personal Info
Related: Companies House Fixes WebFiling Flaw Exposing UK Firms
Related: Cognizant TriZetto breach exposes 3.4M patient records
Marquis has not publicly identified the specific ransomware group responsible for the attack, though the company confirmed that law enforcement agencies including the FBI and relevant financial regulators were notified immediately following the incident discovery. The attack methodology and scale suggest involvement by an established ransomware operation with experience targeting financial services infrastructure.
Scope of Data Compromise and Banking Disruption
The breach affected 670,000 individuals whose personal and financial information was stored in Marquis's systems, making it one of the largest financial data breaches reported in early 2026. The compromised data includes names, addresses, Social Security numbers, account numbers, and transaction histories for customers of the 74 affected banking institutions.
The 74 disrupted banks represent a mix of community banks, credit unions, and regional financial institutions across multiple states, primarily in Texas, Oklahoma, Arkansas, and Louisiana. These institutions rely on Marquis for core banking services including account management, loan processing, payment systems, and regulatory compliance reporting. During the attack, many of these banks experienced temporary service outages that prevented customers from accessing online banking, mobile applications, and some ATM services.
Financial institutions affected by the Marquis incident include both consumer-facing banks and business banking services, expanding the potential impact to include small business financial data and commercial banking records. The breach notification indicates that some affected individuals may have accounts at multiple institutions within the Marquis network, potentially exposing them to compound privacy risks.
Regulatory oversight for the incident involves multiple agencies including the Federal Deposit Insurance Corporation (FDIC), Office of the Comptroller of the Currency (OCC), and state banking regulators in affected jurisdictions. Each affected bank must now conduct individual risk assessments and may face regulatory scrutiny regarding their third-party vendor risk management practices.
Response Measures and Security Recommendations
Marquis implemented immediate containment measures following the ransomware deployment, including isolating affected systems, engaging cybersecurity forensics specialists, and coordinating with law enforcement agencies. The company worked with external security firms to rebuild compromised infrastructure and implement enhanced monitoring capabilities before restoring full service operations.
Financial institutions using Marquis services should immediately review their incident response procedures and validate that customer notification processes are activated. Banks should monitor customer accounts for unusual activity and consider implementing additional fraud monitoring for affected account holders. CISA's Known Exploited Vulnerabilities catalog provides guidance on securing financial services infrastructure against similar attacks.
Affected individuals should monitor their credit reports, bank statements, and financial accounts for unauthorized activity. The breach notification recommends that customers consider placing fraud alerts or credit freezes on their credit files and review statements from all financial institutions where they maintain accounts. Marquis is providing free credit monitoring services to affected individuals for a period of two years.
The incident underscores the critical importance of third-party risk management in the financial services sector. Banks should conduct comprehensive security assessments of all technology vendors and ensure that incident response plans account for vendor-related disruptions. Financial institutions should also validate that their vendor contracts include appropriate cybersecurity requirements and breach notification obligations that align with regulatory expectations.
