More Banks Notify Customers After Marquis Ransomware Attack

What happened

Artisans’ Bank and VeraBank notify customers after Marquis ransomware attack as additional U.S. financial institutions confirmed data exposure linked to an August 2025 ransomware incident at Marquis Software, a core banking technology vendor. The attack compromised systems used by multiple banks, prompting delayed breach notifications to affected customers. Exposed data reportedly includes names, Social Security numbers, and account information, depending on the institution.

Who is affected

Bank customers receiving breach notifications are directly impacted, while financial institutions face regulatory scrutiny and incident response costs. Marquis Software remains central to the investigation.

Why CISOs should care

The incident underscores persistent third-party risk in financial services. Vendor breaches continue to trigger downstream data exposure well after the initial intrusion.

3 practical actions

1. Reassess vendor risk: Review security controls of critical service providers.

2. Test notification workflows: Ensure breach response timelines meet regulatory expectations.

3. Limit shared data: Reduce unnecessary data exposure to third parties.

John Kevin Hao

+ postsBio ⮌

John Kevin Hao is a news and feature writer covering cybersecurity, technology, and business targeted for professional audiences.

• John Kevin Hao

  CISO Diaries: Alessio Cipolletta on Security in Safety-Critical Aviation Environments
• John Kevin Hao

  FBI Warns of Kali365 Phishing-as-a-Service Platform After April Microsoft 365 Attacks
• John Kevin Hao

  Ukraine Probes Teen Suspect in Cyber Theft Scheme Targeting California Online Shoppers
• John Kevin Hao

  CISO Diaries: Jason Scanlon on Security Culture, Leadership, and the Human Side of Cybersecurity