Ricardo Amper Warns of Fraud Threats After 400K Bank Customers’ Data Breach

Ricardo Amper Warns of Long-Term Fraud Threats After 400K Bank Customers’ Data Was Exposed

In this article, Fox News reports on a data breach that exposed the personal information of more than 400,000 bank customers, examining the growing risks tied to large-scale data exposure and identity fraud.

The piece includes insights from Ricardo Amper, CEO and Founder at Incode, who shares his perspective on how fraud evolves after a breach and why compromised identity data continues to put consumers and financial institutions at risk long after the initial incident.

Below is a transcription of the article, published by Fox News on December 20, 2025.

Data breach exposes 400,000 bank customers’ info

How an unpatched SonicWall flaw led to massive identity exposure

By Kurt Knutsson, CyberGuy Report, Fox News

A major data breach tied to U.S. fintech firm Marquis is rippling through banks, credit unions and their customers. Hackers broke into Marquis systems by exploiting a known but unpatched vulnerability in a SonicWall firewall, gaining access to deeply sensitive consumer data.

At least 400,000 people are confirmed to be affected so far across multiple states. Texas has been hit the hardest with more than 354,000 residents affected. That number is expected to rise as additional breach notifications are filed.

Marquis operates as a marketing and compliance provider for financial institutions. The company says it serves more than 700 banks and credit unions nationwide. That role gives Marquis access to centralized pools of customer data, which also makes it a high-value target.

What information was stolen in the Marquis cyberattack

According to legally required disclosures filed in Texas, Maine, Iowa, Massachusetts and New Hampshire, hackers accessed a wide range of personal and financial data. Stolen information includes customer names, dates of birth, postal addresses, Social Security numbers and bank account, debit and credit card numbers. The breach dates back to Aug. 14, when attackers gained access through the SonicWall firewall vulnerability. Marquis later confirmed the incident was a ransomware attack.

While Marquis did not publicly name the attackers, the campaign has been widely linked to the Akira ransomware gang. Akira has previously targeted organizations running SonicWall appliances during large-scale exploitation waves. This was not a routine credential leak.

We reached out to Marquis for comment, and a company spokesperson provided CyberGuy with the following statement:

“In August, Marquis Marketing Services experienced a data security incident. Upon discovery, we immediately enacted our response protocols and proactively took the affected systems offline to protect our data and our customers’ information. We engaged leading third-party cybersecurity experts to conduct a comprehensive investigation and notified law enforcement.

“The incident was quickly contained, and our investigation was recently completed. It was determined that an unauthorized third party accessed certain non-public information within our network. However, there is no evidence indicating that any personal information has been used for identity theft or financial fraud. We have notified potentially affected individuals.  

“We know our customers place great trust in us, and at Marquis, we take that responsibility seriously by making the protection of their information our highest priority. We are extremely appreciative of the cooperation, understanding, and support of our employees and customers during this time.”

Why the Marquis data breach creates long-term identity risk

When a data breach exposes your full identity, the danger does not disappear after the news cycle ends. Unlike a stolen password, this kind of information cannot be changed, which means the risk can stick around for a long time.

“With a typical credential leak, you reset passwords, rotate tokens and move on,” Ricardo Amper, CEO and Founder of Incode Technologies, a digital identity verification company, tells CyberGuy. “But core identity data is static. You cannot meaningfully change your date of birth or SSN, and once those are exposed, they can circulate on criminal markets for years. The breach is a moment in time, but the exposure it creates can follow people for the rest of their financial lives.”

That is why identity breaches are so dangerous. Criminals can reuse the same stolen data years later to open new accounts, build fake identities or run highly targeted scams that feel personal and convincing. Many attackers now combine this data with AI tools to scale their efforts. As a result, phishing emails, phone calls and even voice impersonations are harder to spot when they reference real details about your bank or account history.

The most likely scams after identity data is stolen

When criminals obtain verified identity data, fraud becomes targeted rather than opportunistic. 

“Once criminals get their hands on rich, verified identity data, fraud stops being a guessing game and becomes a targeted execution,” Amper said. 

The first major threat is account takeover. With enough personal details, attackers can bypass knowledge-based checks, reset passwords, change contact information and abuse accounts in ways that often look legitimate. The second risk is new account fraud. This includes credit cards, loans, buy now pay later services and even new bank accounts. High-quality data helps these applications pass automated systems and manual reviews.

The fastest-growing threat is synthetic identity fraud. Real data, like a Social Security number, is blended with fabricated details to create a new identity that matures over time before a large financial bust. 

“These attacks are hard to catch early because the data being presented is accurate and often reused across multiple institutions,” Amper noted. “If your defenses can’t reliably tell a real human from an AI-generated impersonation, you are starting every decision from a position of disadvantage,” he added.

Why unpatched firewall flaws pose such a serious threat

Ransomware groups like Akira increasingly focus on widely deployed infrastructure to maximize impact. Firewalls sit at the boundary of trusted networks. When one is compromised, everything behind it becomes reachable. 

“What we’re seeing with groups like Akira is a focus on maximizing impact by targeting widely used infrastructure. The strategy remains the same: Find a single weak point that gives access to many downstream victims at once,” Amper said. 

This approach exposes a persistent blind spot in traditional cybersecurity thinking. Many organizations still assume traffic passing through a firewall is safe. 

“When the perimeter device itself is the entry point, static defenses and outdated controls simply can’t keep up,” Amper explained.

How long affected consumers should assume risk remains high

Identity data does not expire. Social Security numbers and birth dates stay the same for life. 

“When core identity data reaches criminal markets, the risk does not fade quickly,” Amper emphasized. “Fraud rings treat stolen identity data like inventory. They hold it, bundle it, resell it and combine it with information from new breaches.” 

Warning signs of misuse can be subtle. These include credit inquiries you did not authorize, account recovery alerts from unfamiliar services or phone calls that convincingly mimic a bank’s verification process using deepfake voice tools. 

“The most damaging fraud often starts long after the breach is no longer in the news,” Amper added.

The overlooked impact of identity theft

Financial losses are only part of the damage. Victims often experience a lasting erosion of trust. 

Amper says, “The most overlooked consequence is the psychological toll of knowing that you can no longer trust who is contacting you. Deepfake impersonation turns every phone call, video message or urgent request into a potential attack.”

More about Fox News

Fox News is a leading U.S. news organization covering breaking news, business, technology and cybersecurity. Through reporting and expert commentary, the outlet examines major events and emerging risks shaping the digital economy, consumer protection and national security.

Copyright 2025 CyberGuy.com.  All rights reserved.
