Summary of Recent Data Breach Incident
Two U.S. banks, Artisans’ Bank and VeraBank, have disclosed their involvement in a significant ransomware attack linked to their third-party service provider, Marquis Software. This incident has indicated a glaring vulnerability within the supply chain of banking services, as attackers exploited weaknesses in the vendor’s network to gain unauthorized access to sensitive customer data.
The attack, which occurred in August 2025, has since resulted in the compromise of personal identifiable information (PII) affecting nearly 70,000 customers across both institutions. Essential data such as Social Security numbers and financial account details were exposed, raising serious concerns about the security measures in place at third-party vendors.
The investigations highlighted that the intrusion was able to bypass the internal security measures of both banks, revealing that the intrusion occurred through a vulnerability in a SonicWall firewall within Marquis Software’s network. This led to the exfiltration of a multitude of data sets that included names, addresses, phone numbers, dates of birth, Social Security numbers, and financial information.
According to regulatory filings, approximately 37,318 customers linked to VeraBank and 32,344 individuals associated with Artisans’ Bank were affected. The broader impact suggests a far-reaching breach potentially affecting between 788,000 to 1.35 million consumers across all companies relying on Marquis Software’s services.
Both banks began notifying customers as early as December 23, with VeraBank identifying the data breach on August 14 and Artisans’ Bank discovering the issue later, on November 4. They have since taken steps to mitigate the fallout, offering credit monitoring services as a precautionary measure for their clients.
This incident underlines the pressing need for financial institutions to rigorously evaluate their third-party vendors’ cybersecurity protocols. Vulnerabilities in external partners, particularly in critical infrastructure like firewalls, can lead to extensive risks for financial data security.
Presently, Marquis Software has communicated the data breach to at least 74 entities, with regulatory notification occurring in various U.S. states such as Maine and Washington. The observations suggest that while no specific ransomware group has taken official responsibility, discussions surrounding the possible payment of a ransom hint at the severity of the breach.
The consequences of this breach not only jeopardize customer trust but also serve as a critical reminder of the intricate relationship between banking ciphers and third-party vulnerabilities. To prevent similar incidents in the future, organizations must adopt a proactive stance towards cybersecurity, ensuring compliance and diligence with respect to their partners. As illustrated by this event and other recent cyberattacks within the sector, the importance of robust cybersecurity measures has never been more crucial for safeguarding sensitive consumer data.
