Marquis Software Solutions has confirmed a ransomware attack that compromised data from at least 400,000 bank and credit union customers. Hackers exploited a SonicWall firewall, stealing names, Social Security numbers, account details, and more. For a vendor serving over 700 institutions, the breach is not just a technical failure – it’s a trust and confidence crisis.

Why it matters

• Consumer Trust: customers don’t distinguish between a third-party provider and their bank – the bank bears the reputational and financial hit.
• Regulatory Pressure: notifications across multiple states highlight rising expectations for transparency and oversight.
• Operational Fragility: when services powered by third parties are disrupted, customer engagement tanks.

The bigger picture

This incident is a reminder that third-party provider risk is now systemic risk. Boards must treat third-party resilience as core governance, not a compliance afterthought.

From breach to blueprint

The Marquis attack is not just about ransomware. It is about the fragility of interconnected ecosystems. As financial services accelerate into open banking and open finance, the attack surface expands. Without robust open finance risk management, innovation equals exposure.

The lesson is clear: as the open ecosystem scales, so must resilience. Institutions that embed open finance risk management into their strategic narrative will define trust and confidence in the next era of finance.