A ransomware and data exposure incident at fintech vendor Marquis affected customer data for more than 70 US banks and credit unions, exposing names, Social Security numbers and account details. Affected institutions issued breach notices and identity protection offers, while security firms warned of heightened phishing and account takeover risk for customers.

Security reporting on December 5, 2025, detailed a ransomware and data exposure incident at Marquis, a fintech analytics vendor whose systems were compromised, impacting customer data across more than 70 US banks and credit unions. The breach reportedly exposed sensitive information including names, Social Security numbers and account metadata, prompting affected institutions to issue notifications and to offer credit monitoring or identity protection services to impacted consumers. Cybersecurity firms and incident responders cautioned that vendor compromises of this scale commonly lead to targeted phishing campaigns, credential stuffing and account takeover attempts, as attackers use exposed personal data to make their social engineering more convincing. The incident underscores the systemic risk posed by third-party providers in the financial sector, where a single breach can cascade across many institutions and customer bases. Regulators and industry groups are expected to scrutinize vendor risk management practices, contractual security requirements and incident response coordination to mitigate similar supplier-driven exposures. Customers were advised to monitor account statements, enable multifactor authentication, and report suspicious communications to their banks and to federal authorities.