Fintech firm Marquis has begun alerting a number of U.S. banks and credit unions that customer information was compromised during a cyber incident earlier this year.
The scope of the breach became clearer this week after Marquis submitted data-loss notifications to several U.S. states, confirming that its August 14 security event was the result of a ransomware attack.
The Texas-based company, which provides marketing and compliance tools, helps financial institutions consolidate and analyze customer information.
With more than 700 banks and credit unions listed as clients, Marquis maintains extensive datasets linked to consumer banking across the country.
State filings reviewed by TechCrunch show that at least 400,000 individuals have so far been identified as victims of the breach, based on mandatory disclosures submitted in Iowa, Maine, Texas, Massachusetts, and New Hampshire.
Texas currently represents the largest share of impacted residents, with at least 354,000 people affected.
In a filing with Maine’s attorney general, Marquis said customers connected to the Maine State Credit Union made up the majority of its notifications, estimating that they account for roughly one out of every nine known victims within the state.
Related story: Client Details from JPMorgan, Citi, and Morgan Stanley may have been caught up in a Vendor Cyber Breach
Scope of Stolen Information Continues to Expand
Officials anticipate that the number of people affected will continue to grow as additional states issue their own breach notices.
Marquis said the attackers accessed personal information including names, birthdates, mailing addresses, and sensitive financial data such as bank account, debit card, and credit card numbers. The company also confirmed that customers’ Social Security numbers were taken.
According to its latest disclosures, Marquis said the incident stemmed from hackers exploiting a flaw in its SonicWall firewall.
The company noted that the vulnerability qualified as a zero-day — a software weakness unknown to SonicWall or its clients prior to being used for malicious purposes.
While Marquis did not directly identify the group behind the attack, reports at the time indicated that the Akira ransomware gang was responsible for a wave of intrusions targeting SonicWall users.
TechCrunch sought clarification from Marquis on the total number of affected individuals, whether the company received any communication from the attackers, or whether a ransom was paid, but the company did not respond before publication.
Read next: Nvidia’s Finance Chief Says Massive $100 Billion OpenAI Partnership Still Unsettled