Fintech firm Marquis is alerting dozens of US banks and credit unions of a data breach following a ransomware attack

Fintech company Marquis notified dozens of U.S. banks and credit unions that they had customer data stolen in a cyberattack earlier this year.

Details of the cyberattack emerged this week after Marquez filed data breach notices with several US states confirming the August 14 incident as a ransomware attack.

Texas-based Marquis is a marketing and compliance services company that allows banks and other financial institutions to collect and visualize all of their customer data in one place. The company lists more than 700 bank and credit union customers on its website. As such, Marquis has access to and stores large amounts of data on consumer banking customers across the United States.

So far, at least 400,000 people have been confirmed to have been affected by the data breach, according to legally required disclosures filed in Iowa, Maine, Texas, Massachusetts and New Hampshire and reviewed by TechCrunch.

Texas has the largest number of state residents yet to have their data stolen in the hack, affecting at least 354,000 people.

Maine Credit Union banking customers account for the majority of data breach notifications, or about one in every nine people known to be affected across the state, Marquis said in his notice to the Maine Attorney General.

The number of individuals affected by the breach is expected to rise as more data breach notifications arrive from other states.

Marquez said the hackers stole customers’ names, dates of birth, mailing addresses and financial information, such as bank, debit and credit card account numbers. The hackers also stole customers’ Social Security numbers, Marquez said.

According to its latest notice, Marquis blamed the ransomware attack on hackers who exploited a vulnerability in its SonicWall firewall. The vulnerability was considered a zero-day, meaning the flaw was not known to SonicWall or its customers before it was maliciously exploited by hackers.

Marquis did not attribute the ransomware attack to a specific group, but the Akira Ransomware gang was reportedly behind the mass hacks targeting SonicWall customers at the time.

TechCrunch asked Marquis whether it was aware of the total number of people affected by the hack, whether Marquis had received any contact from the hackers or whether the company had paid a ransom, but we had not heard back as of press time.

Do you know more about the Marquis data breach? Do you work for Marquis or a company affected by the hack? We would love to hear from you. To communicate securely with this reporter, you can contact him using the Signal app via the username: zackwhittaker.1337