The Weekly Breach Breakdown Podcast: Noblesse Oblige – Marquis Breach Impacts Rise - S7E4

Show Transcript

Welcome to the Identity Theft Resource Center's (ITRC) Weekly Breach Breakdown for February 13, 2026. I'm Alex Achten, Vice President of Media Relations for the ITRC. Thanks to Sentilink for supporting the ITRC and this podcast. Each week, we review the latest events and trends in data security and privacy. Today, we will examine the Marquis data breach. We are not referring to a high-ranking hereditary noble in the European peerage. Rather, the software solutions provider. 

Last month, Marquis Software Solutions, which enables hundreds of banks and credit unions to visualize their customer data, began notifying hundreds of thousands of people that their information was stolen in a ransomware attack. According to TechCrunch, the company has access to large amounts of data belonging to U.S. consumer banking customers, including personal information, financial data and Social Security numbers that were stolen. 

While a company spokesperson declined to provide a number of how many people were impacted by the Marquis data breach to TechCrunch, as of February 4, American Banker reported that 80 banks and 824,000 consumers were affected. These numbers could rise as new data breach notices are submitted to state attorneys general. 

Now, Marquis is pointing the finger at the cybersecurity company, SonicWall. According to Bleeping Computer, Marquis is sending a letter to customers that says the ransomware operations didn’t breach its systems by exploiting an unpatched SonicWall firewall, as previously believed. Instead, the attackers used information obtained from firewall configuration backup files stolen after gaining unauthorized access to SonicWalls’ MySonicWall online customer portal. 

SonicWall disclosed the security breach mentioned by Marquis on September 17, 2025, when it warned customers to reset their MySonicWall account credentials and said the incident affected only about five (5) percent of its firewall customers using its cloud backup service.

The company also warned that threat actors could extract access credentials and tokens, making it "significantly easier" to compromise affected customers' firewalls. However, roughly three weeks later, SonicWall issued an update confirming that all customers using its cloud backup service were affected by the September breach.

One month later, it published another update stating that an investigation into the September attack found evidence linking the incident to state-sponsored hackers. Bleeping Computer reports that it contacted SonicWall, but a spokesperson has not yet responded. 

The ITRC has had multiple victims contact us who have received a Marquis data breach notice for a deceased spouse. Our data department also continues to monitor the breach closely. We will provide additional details in our monthly newsletter, In the Loop, as we learn more. You can subscribe by visiting our website, idtheftcenter.org, and clicking on “Newsletter” under the “Resources” tab. You can also click here.

To protect yourself from data events like the Marquis data breach, freeze your credit, whether you have received a victim notice or not. It is the single most impactful thing you can do to protect yourself. For more information on how to freeze your credit, visit frozenpii.com, which is powered by the ITRC.

Also, practice good cyber hygiene by switching to passkeys when offered and using a unique 12+ character passphrase for each account when not. When using passphrases, enable multi-factor authentication wherever available to provide an additional layer of security. 

If you receive a Marquis data breach notice, take all the actions mentioned above and also follow the advice in the notice. Watch for phishing attempts that claim to be from Marquis. 

You can download our 2025 Annual Data Breach Report for a look at all of the data breaches and trends from 2025, as well as additional information on how to protect yourself. Visit the “Reports” section of our website, idtheftcenter.org, or click here.

If you want to know more about how to protect your business or personal information or think you have been the victim of identity theft, fraud or a scam, you can speak with an expert ITRC advisor on the phone, via text message, chat live on the web or exchange emails during our normal business hours (6 a.m.-5 p.m. PT). Just visit idtheftcenter.org to get started.

Thanks again to Sentilink for their support of the ITRC and this podcast. Please hit the like button for this episode and subscribe wherever you listen to your podcasts. 

We will return next week with another episode of the Weekly Breach Breakdown. I’m Alex Achten. Until then, thanks for listening.