Ransomware Attack Exposes Customer Data of Marquis Software Solutions

A recent ransomware attack on Marquis Software Solutions has resulted in significant data breaches affecting multiple financial institutions. This incident highlights the vulnerabilities that can arise when third-party software vendors are compromised, exposing sensitive customer information.
Marquis, a Texas-based company that develops marketing and compliance software for over 700 banks and credit unions, confirmed that its network was breached on August 14. The company’s client list includes Artisans’ Bank in Wilmington, Delaware, and VeraBank in Henderson, Texas, both of which have reported unauthorized access to the personal data of tens of thousands of customers.
The breach involved a ransomware group exploiting vulnerabilities in Marquis’ SonicWall firewall, leading to unauthorized access to customer data files managed on behalf of Marquis’ business clients. Initial forensic investigations indicated that the breach’s scope was limited to Marquis’ infrastructure, according to regulatory disclosures.
The exposed data comprises various personal identifiers, including names, addresses, Social Security numbers, financial account details without security codes, and birthdates. In its communication to regulators, Marquis stated that “suspicious activity” was first detected on August 14, culminating in the acknowledgment of a ransomware attack.
As of now, no specific ransomware group has claimed responsibility for the attack, and it remains uncertain whether Marquis paid any ransom. However, affiliates of the Akira ransomware-as-a-service group have targeted SonicWall products in similar incidents, and this prior activity raises concerns about the persistent threat posed by such adversaries.
In response to the breach, Artisans’ Bank informed regulators that it would notify 32,344 individuals about the compromise of their personal information. Marquis first alerted the bank to the potential data exposure on October 28, initiating further investigations to determine the full extent of compromised files.
VeraBank followed suit, notifying approximately 37,318 customers that their data was exposed and offering them 24 months of credit monitoring and fraud protection services. The bank conducted a thorough review of the compromised files, concluding the assessment on December 12, and informed customers that the data had been shared to better tailor banking products and services to their needs, with contractual agreements for data security in place.
Preliminary reports indicate that the total number of individuals affected by the Marquis breach may exceed 1.4 million. This incident serves as a stark reminder of the importance of robust cybersecurity measures and due diligence in vendor relationships.
In analyzing the attack through the lens of the MITRE ATT&CK framework, it is plausible that tactics such as initial access, exploitation of external vulnerabilities, and lateral movement were employed by the adversaries. Business owners must stay vigilant about the potential repercussions of third-party breaches and ensure their cybersecurity strategies encompass thorough vetting and continuous monitoring of external partners.