Adidas Data Breach Compromises Customer Data! Is Yours Affected?
A hacker coding Unsplash

A ransomware attack on Texas-based fintech and software provider, Marquis Software Solution, compromised the private data of at least 780,000 people.

The issue didn't just expose the company's shortcomings, but also prompted renewed scrutiny of the US banking supply chain's security. Experts have begun weighing in on the matter and are connecting the dots to identify the attackers behind the breach.

Attack Attributed Through Unauthorised Firewall Access

Security Week notes that the data breach was caused by unauthorised access through a SonicWall firewall. The company detected suspicious activity on 14 August 2025 and later confirmed it had suffered a ransomware attack.

According to the notification filed with the Maine Attorney General's Office, a third party accessed its network through a SonicWall firewall and may have copied files containing sensitive customer information from multiple institutions. Federal law enforcement has been notified, and cybersecurity specialists have been called in to investigate.

Experts say the Marquis data breach is part of a growing pattern in which ransomware groups exploit weaknesses in perimeter devices rather than traditional internal systems.

Speaking to SC World, John Carberry of Xcape Inc. said the breach shows how even a single supplier can expose data across multiple banks, even when those banks have strong internal security.

He adds that the remediation steps Marquis has taken, including multi-factor authentication updates, account lockouts, geo-IP filtering and botnet blocking, indicate that the intruders may have gained access through a VPN account rather than a deeper internal compromise.

The attack can be compared to the 2026 Akira ransomware group campaign, wherein the attackers exploited CVE-2024-40766 before moving on to stolen VPN credentials and session keys. Those attacks allowed entry even after patches were installed.

Marquis hasn't pinpointed the exact perpetrators who could've done the attack. However, many security analysts theorise that the Akira group is most likely behind the Marquis data breach, given that their strategy bears a resemblance to what happened.

Marquis' Next Steps

Marquis serves more than 700 financial institutions across the country and offers them data-driven marketing systems, customer data platforms, analytics and compliance support.

Financial institutions depend on the firm to centralise customer information for campaigns, reporting and fair-lending analysis, making Marquis a vital part of the chain for many mid-sized institutions.

As for its next steps, Marquis has begun contacting affected individuals and filing disclosures with state authorities, including in Maine, Iowa and Texas.

Among the states where Marquis operates, TechCrunch reports that its operations in Texas were most affected by the breach. As of now, the breach has affected at least 354,000 people in the state. From a broader perspective, the attack exposed the clientele of 74 banks.

Letters sent to those affected state that the exposed information includes names, addresses, phone numbers, Social Security numbers, taxpayer identification numbers, dates of birth, and, in some cases, account details.

The firm said it has seen no proof that anyone's information has been misused, but it is offering free credit monitoring and identity theft protection. For now, people with accounts at banks tied to Marquis are advised to keep a close watch on developments regarding the cyber attack.

Writer's pick