Ransomware
β Supply Chain
Marquis Software Solutions Akira Ransomware Attack
Primary Source βIncident Details
Marquis Software Solutions, a marketing and compliance services vendor to 700+ US financial institutions, was hit by Akira ransomware on August 14, 2025. Threat actors exploited a critical SonicWall firewall vulnerability (CVE-2024-40766) and bypassed MFA. The breach ultimately impacted at least 80 banks and credit unions and approximately 823,548 customers. Exposed data included names, addresses, phone numbers, dates of birth, Social Security numbers, TINs, and financial account information. Reports indicated Marquis paid the ransom. In February 2026, Marquis filed a lawsuit against SonicWall alleging gross negligence. The breach toll later expanded beyond initial estimates.
Technical Details
- Initial Attack Vector
- Akira ransomware exploited CVE-2024-40766 (SonicWall VPN improper access control) to breach Marquis Software's network; attackers also bypassed MFA
- Vendor / Product
- SonicWall (VPN/firewall)
- Malware Family
- Akira
- CVE / GHSA References
- CVE-2024-40766
- Supply Chain Attack
- β Confirmed third-party / vendor compromise
Timeline
- 2025-08-14 Breach occurred
- 2025-10-01 Publicly disclosed
- 2026-01-01 Customers notified