Marquis Data Breach: What Credit Union Marketers Can Learn (And Do Next)

If you are a credit union marketer, the Marquis data breach is a reminder that “marketing tech” can quickly become a high-impact security event.

Marquis Software Solutions, a vendor used by banks and credit unions for services that can include analytics and digital marketing support, disclosed that a ransomware attack led to unauthorized access to files containing sensitive consumer data.

Public reporting and filings describe the entry point as a SonicWall firewall vulnerability, with exposed data potentially including names, Social Security numbers, dates of birth, and some financial account details.

What Happened In The Marquis Data Breach?

The Marquis data breach refers to a ransomware incident discovered on August 14, 2025, where an attacker exploited a firewall vulnerability and potentially accessed or copied files that included sensitive personal information provided by Marquis’s business customers.

What is publicly known from reporting and state breach portals:

  • The incident was discovered August 14, 2025.

  • The intrusion path reported is a SonicWall firewall vulnerability.

  • The data types cited in notices and reporting can include names, addresses, phone numbers, dates of birth, Social Security numbers, taxpayer IDs, and some financial account information (varies by person and institution).

  • Multiple sources describe downstream impact across 74 banks and credit unions, with confirmed affected individuals commonly reported at 400,000+ and some reporting estimating higher totals as notifications expand.

  • Reuters reporting noted there was no indication of misuse at the time of the filing referenced.

Why The Marquis Data Breach Matters To Credit Union Marketing

Marketing teams handle “member context” that is extremely valuable and extremely sensitive, including:

  • Personally identifiable information (PII) used for personalization and eligibility

  • Transaction-adjacent signals (behavior, intent, channel engagement)

  • Segmentation logic and audience definitions

  • Channels that can directly influence member actions (email, SMS, in-app, digital banking messaging)

And the Marquis breach is a clear example of how a third-party platform used for analytics, CRM, and digital marketing services can become the entry point for widespread exposure, even if a credit union’s internal systems weren’t directly compromised.

When breaches happen in marketing-adjacent technology, the impact isn’t limited to a spreadsheet of email addresses. It can affect:

  • Member trust
  • Deliverability and sender reputation
  • Digital engagement
  • Brand sentiment
  • Long-term retention

It can also trigger regulatory scrutiny and operational disruption well beyond the marketing department.

Security isn’t “just an IT thing” anymore.

What Credit Union Marketers Should Do Next After The Marquis Data Breach

You do not need to become a security engineer. You do need a marketing-ready security posture that reduces exposure and speeds up decision-making.

1) Treat Every Marketing Platform Like A Member Data Platform

If a tool touches segmentation, targeting, or member behavior, assume it holds sensitive information.

Ask:

  • What member data is stored here?
  • What is collected vs. what is derived?
  • What is essential vs. “nice to have”?

Then reduce your footprint wherever possible.

2) Reduce Your Blast Radius With Data Minimization

Even the best security program can’t eliminate all risk.

But you can reduce impact by limiting:

  • What data is ingested
  • How long it’s retained
  • Who can access it
  • What can be exported

A helpful rule of thumb:

If you don’t want it exposed, don’t store it unless you truly need it.
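One way to enforce these limits at the point where member records leave your systems for a marketing vendor, shown as an added example (not code from this article, Blueshift, or any vendor). The field names, the allowlist and the 395-day retention window are assumptions chosen for illustration.

```python
import re
from datetime import date, timedelta

# Assumption: the only fields this campaign needs; everything else is dropped.
ALLOWED_FIELDS = {"member_id", "first_name", "email", "segment", "last_active"}
RETENTION = timedelta(days=395)  # assumed retention window (about 13 months)
# Values shaped like an SSN or taxpayer ID: ddd-dd-dddd or nine bare digits.
SSN_LIKE = re.compile(r"(?<!\d)(?:\d{3}-\d{2}-\d{4}|\d{9})(?!\d)")


def minimize(record, today):
    """Return (clean_record, findings); clean_record is None if withheld."""
    raw = record.get("last_active")
    if raw is None or today - date.fromisoformat(raw) > RETENTION:
        return None, ["withheld: missing or past-retention last_active"]
    clean, findings = {}, []
    for key, value in record.items():
        if key not in ALLOWED_FIELDS:
            findings.append(f"dropped field: {key}")
            continue
        # Allowlisted free-text fields can still carry identifiers by accident.
        if isinstance(value, str) and SSN_LIKE.search(value):
            findings.append(f"redacted SSN-like value in: {key}")
            value = SSN_LIKE.sub("[REDACTED]", value)
        clean[key] = value
    return clean, findings


def build_export(records, today):
    """Minimize a batch; return rows safe to send plus a per-member audit trail."""
    export, audit = [], []
    for rec in records:
        clean, findings = minimize(rec, today)
        audit.append((rec.get("member_id"), findings))
        if clean is not None:
            export.append(clean)
    return export, audit


# Constructed sample records (not real member data).
SAMPLE = [
    {"member_id": "M001", "first_name": "Ana", "email": "ana@example.org",
     "segment": "auto-loan", "last_active": "2025-07-01",
     "ssn": "123-45-6789", "dob": "1980-02-03", "account_number": "0000111122"},
    {"member_id": "M002", "first_name": "Ben", "email": "ben@example.org",
     "segment": "note: SSN 987-65-4321 on file", "last_active": "2025-06-15"},
    {"member_id": "M003", "first_name": "Cy", "email": "cy@example.org",
     "segment": "mortgage", "last_active": "2023-01-10"},
]
```

Calling `build_export(SAMPLE, date(2025, 8, 14))` sends two of the three records, without SSN, date of birth or account number, and the audit trail records what was dropped, redacted or withheld for each member.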

3) Build A Marketing Vendor Checklist That Goes Beyond “Does It Work?”

Vendor decisions are often made on capabilities: channels, automation, reporting, ease of use.

Security questions should be just as standard, including:

  • Do they encrypt data in transit and at rest?
  • How do they manage access controls and admin permissions?
  • Do they have audit logs and monitoring?
  • How do they handle incident disclosure and response?
  • Do they support least-privilege and role-based access?

You can’t just trust a sales deck. You need to verify that your partners take security as seriously as you do. If they treat compliance as a checkbox, they’re a liability.

What You Need To Ask Now

Don’t wait for IT to vet your next marketing platform. Ask these questions yourself during the demo.

“Show me the SOC 2 Type 2 report.”

If they don’t have one, walk away. This report proves an independent auditor verified their security controls.

“How do you encrypt my data? What encryption standards are used?”

“We use encryption” isn’t a good enough answer. You want specifics.

  • At Rest: Data sitting in their data stores should be encrypted using AES-256.
  • In Transit: Data moving between systems must use TLS 1.2+.

If they can’t answer this instantly, that’s a red flag.

“Who has access to this data?”

You need strict Role-Based Access Control (RBAC) rules. A junior analyst shouldn’t have the same data access as a super-admin. You should use a “least privilege” model to ensure people only see what they need to do their jobs.

4) Align Marketing With InfoSec Before A Crisis

The worst time to figure out responsibilities is mid-breach.

Set a recurring checkpoint with your security team to cover:

  • What tools marketing uses (and what’s changed)
  • What data flows exist across vendors
  • Who owns vendor due diligence
  • What comms templates exist if members are impacted

The Bottom Line

The Marquis breach is a harsh lesson. Your marketing is only as strong as your data security.

Take a hard look at your current stack. If your vendors aren’t transparent about how they protect your members, it’s time to find new ones.

Security by Design

We built Blueshift with a “Security by Design” philosophy. That means security wasn’t slapped on at the end. It’s baked into the architecture.

We segregate our network so databases never touch the public internet directly. We use Multi-Factor Authentication (MFA) and Single Sign-On (SSO) to lock down access. And we hire third-party firms to test our own systems to find weak spots before the bad guys do.

Read our full security overview.

FAQ: Marquis Data Breach

What is the Marquis data breach?
It refers to a ransomware incident disclosed by Marquis Software Solutions where an attacker exploited a firewall vulnerability and potentially accessed files containing sensitive consumer data.

When did the Marquis breach happen?
Public reporting and breach portals describe the incident as discovered on August 14, 2025.

What data was exposed in the Marquis Software Solutions breach?
Depending on the institution and individual, notices describe exposed data that may include names, contact information, dates of birth, Social Security numbers, taxpayer IDs, and some financial account details.

How many banks and credit unions were affected?
Multiple reports describe downstream impact across 74 banks and credit unions, with counts evolving as notifications continue.

What should credit union marketers do after a vendor breach?
Minimize stored data, tighten access and exports, require proof of controls (SOC 2 Type II), and align with InfoSec on vendor risk and breach communications before a crisis.

Written by:

Manyam Mallela

Chief AI Officer

Manyam Mallela is the Chief AI Officer at Blueshift, with deep expertise in applied machine learning, predictive modeling, and intelligent decisioning systems.