Last updated 1 week ago
In August 2026, Marquis Software, a vendor serving two US banks (Artisans' Bank and VeraBank), was compromised via a SonicWall vulnerability in a ransomware attack. The breach exposed customer data from the banking clients. The incident was disclosed in a threat intelligence report published on January 5, 2026, highlighting the risks associated with third-party vendor security weaknesses in the financial sector.
Breached via SonicWall vulnerability
The breach demonstrates critical failures in third-party risk management and vulnerability patching. Marquis Software's failure to secure its SonicWall infrastructure created a supply chain vulnerability affecting downstream financial institutions. Recommendations include: 1) Enhanced vendor security assessments focusing on vulnerability management practices, 2) Implementation of zero-trust architectures to limit lateral movement in vendor networks, 3) Regular security audits of third-party vendors with access to sensitive customer data, and 4) Improved incident response coordination between vendors and their clients.
Company
Industry
Location
Disclosed
Records Affected
Attack Vector