The Marquis Ransomware Attack: A Wake-Up Call for the Banking Sector

January 8, 2026

As a provider of secure systems for managing money and a critical driver of the global economy, banking stands as one of the most essential industries today. In fact, did you know that the sector generated approximately $5.5 trillion in revenue globally in 2024 and employs millions of workers each year?

As a result of its lucrative and vital nature, the banking industry (and financial sector as a whole) is constantly under attack. This was recently demonstrated by a significant security incident involving a major fintech company.

Understanding the Marquis Ransomware Attack

Marquis, a Texas-based marketing and compliance software and services provider, recently fell victim to a ransomware attack. The incident allowed hackers to steal data from hundreds of thousands of users across 74 banking and credit union customers.

For the uninitiated, a ransomware attack is one in which malicious software locks up a victim’s files or systems, making them inaccessible unless a ransom is paid, usually in cryptocurrency or gift cards.

Detected initially on August 14, 2025, the ransomware attack started after cybercriminals exploited a vulnerability in the company’s SonicWall firewall system. This allowed the hackers to steal confidential data, including names, addresses, phone numbers, dates of birth, financial account info, taxpayer ID numbers, and Social Security numbers.

Security researchers speculate that the Akira ransomware group was behind the attack given its similar campaigns that targeted SonicWall devices back in August and September.

According to a filing by financial cooperative and credit union Community 1st, Marquis paid the ransom demand to prevent the leak and abuse of stolen data.

Marquis claimed that there has been “no evidence of the misuse, or attempted misuse, of personal information” as a result of the incident. However, those affected by the attack were provided with free credit monitoring and identity protection services for one to two years.  

In a data breach notification, the company also stated that it has “taken steps to reduce the risk of this type of incident.” It has also enhanced its security controls by ensuring all firewall devices are fully patched and updated, rotating passwords, and deleting old or unused accounts, among other things.

What Can Organizations in the Banking Industry Learn from the Marquis Attack?

With over 70 banks and credit unions affected, the ransomware attack on Marquis illustrates how a single point of failure can create an extremely broad attack surface, a hallmark of supply chain attacks. This means that organizations can implement strong defenses and strict compliance yet still find themselves at risk of breaches and operational disruption.

That said, organizations in the banking sector can strengthen their defenses against such incidents by applying the following lessons:

1. Fortify Your Vendor Risk Management

Don’t just choose a vendor based solely on surface factors like cost or convenience. Instead, thoroughly vet them.  

For example, review their security certifications, patch management practices, and incident response capabilities. Ensure they also encrypt sensitive data in transit and at rest, enforce strict access controls, and comply with industry regulations. Finally, check if the vendor has been involved in past data breaches, how they reacted, and what they did afterward to improve their security controls.

By carefully choosing your third-party vendors, you ensure proper safeguards are in place, reduce the risk of service interruptions, and eliminate potential weaknesses that may affect your operations.

2. Implement a Multi-Layered Security Strategy

The Marquis security incident involved hackers exploiting a vulnerability within the SonicWall VPN. While security patches were likely applied to fix this flaw, the cybercriminals had probably already stolen login credentials beforehand, rendering the security patches ineffective.

So instead of relying on a single safeguard, why not implement multiple protective measures? This way, if one fails, other solutions can still defend your system and data from breaches.

Your multi-layered defense solution should include the following:

  • Multifactor Authentication (MFA): MFA requires users to provide two or more proofs of identity, including access badges, authenticator app approval, or one-time codes. This ensures that cybercriminals cannot access an account even if they know the user’s password.
  • Geo-IP Filtering: This blocks login attempts from regions where your business doesn’t operate.
  • Account Lockouts: Prevent brute-force attacks by locking accounts after a certain number of failed logins.
  • Botnet IP Blocking: Blocks malicious IP ranges from connecting to your network, reducing the risk of automated attacks.
  • Zero Trust Network Access (ZTNA): ZTNA requires continuous authorization and authentication for every device and user. It also grants access to only the necessary tools an employee needs to do their job.
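
The layered checks listed above, as an added example (not code from the original article or from any vendor): a login gate in Python that applies botnet IP blocking, Geo-IP filtering, account lockout and MFA in turn, so an attempt with a valid but stolen password is still refused by another layer. The threshold, country codes, user names and addresses are constructed assumptions, and ZTNA is left out.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Constructed policy values (addresses are RFC 5737 documentation ranges).
ALLOWED_COUNTRIES = {"US"}                     # regions where the business operates
BLOCKED_NETS = [ip_network("203.0.113.0/24")]  # stand-in for a botnet IP feed
MAX_FAILURES = 3                               # lockout threshold (assumption)

@dataclass
class Attempt:
    user: str
    src_ip: str
    country: str       # Geo-IP lookup result, assumed resolved upstream
    password_ok: bool
    mfa_ok: bool

@dataclass
class Gateway:
    failures: dict = field(default_factory=dict)
    locked: set = field(default_factory=set)

    def evaluate(self, a: Attempt) -> str:
        """Return 'allow' or the first layer that denied the attempt."""
        if any(ip_address(a.src_ip) in net for net in BLOCKED_NETS):
            return "deny:botnet_ip"
        if a.country not in ALLOWED_COUNTRIES:
            return "deny:geo_ip"
        if a.user in self.locked:
            return "deny:locked_out"
        if not a.password_ok:
            self.failures[a.user] = self.failures.get(a.user, 0) + 1
            if self.failures[a.user] >= MAX_FAILURES:
                self.locked.add(a.user)
            return "deny:bad_password"
        if not a.mfa_ok:
            return "deny:mfa"
        self.failures.pop(a.user, None)  # reset the counter on a clean login
        return "allow"

def run_sample():
    gw = Gateway()
    sample = [  # constructed events: bob's password is valid but stolen
        Attempt("alice", "198.51.100.7", "US", True, True),
        Attempt("bob", "203.0.113.9", "US", True, True),
        Attempt("bob", "192.0.2.44", "XX", True, True),
        Attempt("bob", "198.51.100.20", "US", True, False),
        *[Attempt("carol", "198.51.100.30", "US", False, False)] * 3,
        Attempt("carol", "198.51.100.30", "US", True, True),
    ]
    return [gw.evaluate(a) for a in sample]
```
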

3. Improve Your Disaster Preparedness

While Marquis was the one that experienced a ransomware attack, its clients suffered the consequences when the attackers stole login credentials and accessed confidential data. This highlights the need for robust internal disaster response plans that cover vendor failure.

  • Ransomware Playbooks: A ransomware playbook is a documented plan for detecting, responding to, and recovering from an attack. Your playbook must include procedures for third-party vendor breaches, outlining communication, data restoration, and notification steps.
  • Tabletop Exercises: These are simulations of a ransomware scenario in a controlled environment to test out the playbook, identify incident response gaps, and improve overall readiness.  
  • Offline Backups: These are copies of your files that are isolated from your networks and the internet, ensuring their integrity and protection from ransomware and other malware. This way, even if a vendor or your own systems are encrypted, your data can be easily restored without paying a ransom.

How Techmedics Can Help Secure Your Business from Supply Chain Attacks

As demonstrated by the Marquis ransomware attack, your business can be exposed at any time to credential compromise, unauthorized access to systems and data, and operational disruption.

Fortunately, Techmedics is here to help. We offer the following managed cybersecurity services that protect your organization from malicious activity and data breaches:

  • Remote and Onsite Device Management: Applying configuration management and implementing security tools to ensure devices remain secure and compliant with regulations.
  • Proactive System Updates and Patches: Detecting and addressing system flaws through scheduled maintenance and security patches before attackers can exploit them.
  • Endpoint Protection: Security patches aren’t enough to protect your systems. Our Endpoint Detection and Response tools detect and address threats across every device.
  • Security Awareness Training: Educating your staff on security best practices, such as enabling MFA, keeping software updated, and using strong passwords.
  • 24/7 Monitoring: Constantly scanning for suspicious activity and performance issues and addressing problems promptly.

Techmedics delivers these services to businesses of all sizes and industries in Dallas, Los Angeles, Phoenix, and Denver. We even employ local engineers that understand regional business practices and industry regulations, allowing you to benefit from customized solutions and smoother communications.

A single vendor shouldn’t cause a single point of failure for your organization. Talk to us today to get a FREE consultation.
