About Marquis Software Solutions Data Breach
The data breach caused by a ransomware attack on Marquis Software Solutions, a marketing and compliance vendor, had a much larger impact than initially estimated. The breach, which affected the customers of several banks and credit unions, is now known to have compromised the data of at least 823,548 individuals, more than double the initial estimate of 400,000.
As the states and affected financial institutions continue to release notifications about the breach, the extent of the impact is becoming clearer. The updated figures come from American Banker’s analysis of public disclosures by state attorneys general and financial institutions.
The states which have reported the highest number of affected individuals include Texas, with 354,289 victims, and Washington, where 269,773 residents across more than 30 financial institutions had their personal information compromised. South Carolina, Maine, and Iowa have also reported significant numbers of affected residents.
Details of the Breach
The compromised data, according to Marquis’ disclosures to multiple states, includes names, Social Security numbers, dates of birth, and financial account information. The breach was executed by exploiting a known vulnerability in a firewall product used by Marquis. The unauthorized third party accessed Marquis’ network via its SonicWall firewall on August 14, as revealed by the company in a letter to Iowa’s attorney general.
Security researchers have linked the breach to a campaign run by the Akira ransomware group. In 2021, the group exploited a critical improper access control vulnerability (CVE-2024-40766) in a SonicWall VPN product. Alarmingly, even after the software had been patched, the attackers were able to bypass multifactor authentication as part of the attack.
According to a report by Arctic Wolf Labs, login attempts were observed against accounts with the one-time password feature enabled in over half of the intrusions analyzed. It is believed that the attackers used valid credentials harvested from devices prior to the patch, which is how they defeated multifactor authentication and security patches.
As stated in a Sept. 10 alert from the Australian Cyber Security Centre, “Organizations remain vulnerable if they have not fully implemented the mitigation advice by updating credentials after updating the firmware.”
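The check implied by that advice can be automated. The following Python sketch is an added example, not code from the original article or from any vendor; the patch date, the account inventory columns and the log line format are constructed assumptions. It flags accounts whose password or OTP seed predates the firmware update, then lists successful logins made after the update by those accounts.

```python
import csv
import io
import re
from datetime import date, datetime

# Constructed sample data: patch date, account export and VPN log are all hypothetical.
PATCHED_ON = date(2025, 1, 15)
ACCOUNTS_CSV = """user,password_changed,otp_seed_bound
alice,2025-01-20,2025-01-20
bob,2024-06-11,2024-06-11
carol,2025-02-03,2024-05-30
svc_backup,2023-11-01,
"""
VPN_LOG = """2025-02-10T02:14:09 user=bob result=success src=203.0.113.7
2025-02-10T02:15:41 user=alice result=success src=198.51.100.4
2025-02-11T09:00:12 user=carol result=success src=198.51.100.9
2025-02-11T09:03:55 user=svc_backup result=failure src=203.0.113.7
2024-12-30T08:00:00 user=bob result=success src=198.51.100.4
"""
LINE = re.compile(r"^(\S+) user=(\S+) result=(\w+) src=(\S+)$", re.M)


def stale_secrets(accounts_csv, patched_on):
    """Map each user to the secrets last set before the firmware update."""
    stale = {}
    for row in csv.DictReader(io.StringIO(accounts_csv)):
        # An empty field means that secret does not exist (e.g. no OTP enrolled).
        old = [f for f in ("password_changed", "otp_seed_bound")
               if row[f] and date.fromisoformat(row[f]) < patched_on]
        if old:
            stale[row["user"]] = old
    return stale


def suspicious_logins(log_text, stale, patched_on):
    """Successful post-patch logins by accounts still holding a pre-patch secret."""
    hits = []
    for ts, user, result, src in LINE.findall(log_text):
        when = datetime.fromisoformat(ts).date()
        if result == "success" and user in stale and when >= patched_on:
            hits.append((ts, user, src, stale[user]))
    return hits


if __name__ == "__main__":
    stale = stale_secrets(ACCOUNTS_CSV, PATCHED_ON)
    for hit in suspicious_logins(VPN_LOG, stale, PATCHED_ON):
        print(hit)
```

Note that carol is flagged even though her password was changed after the update, because her OTP seed was not rebound.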
Response and Remediation
Even though Marquis has stated that it has “no evidence of the misuse” of the stolen data, internal communications suggest that it paid a ransom to suppress the data. This was revealed in a Nov. 7 email from Bobbi Terrell, chief compliance and business services officer at Community 1st Credit Union, sent to the Iowa attorney general.
Following the attack, Marquis has implemented additional security measures to strengthen its defenses. These include deploying an endpoint detection and response tool, rebuilding its impacted infrastructure with new operating systems, rotating passwords for local accounts, and applying stricter geographic-based IP filtering to its firewalls.
To assuage the concerns of affected customers, financial institutions began sending out notifications in late November. The institutions are also offering 12 to 24 months of complimentary credit monitoring and identity theft protection services through Epiq.
As we continue to rely heavily on digital systems, the importance of robust cybersecurity measures cannot be overstated. The Marquis data breach serves as a stark reminder of the vulnerabilities that can be exploited by malicious actors and the need for constant vigilance and updating of security protocols.



