Fintech company Marquis is notifying more than 672,000 people that hackers stole their personal and financial information in a ransomware attack, including Social Security numbers and banking details. The breach represents one of the largest fintech security incidents of 2026, exposing customers to identity theft and financial fraud risks. The company disclosed the attack in recent filings, though questions remain about when the breach occurred and how long attackers had access to sensitive systems.
Marquis, a fintech company serving hundreds of thousands of customers, just confirmed that ransomware attackers made off with a treasure trove of sensitive personal data. The company is notifying 672,000 people that their Social Security numbers, financial information, and personal details fell into criminal hands.
The disclosure puts Marquis in the unfortunate company of major data breach victims this year. While the company hasn't revealed exactly when the attack occurred or how long hackers prowled through its systems, the sheer volume of compromised records makes this one of the most significant fintech breaches of 2026. For context, that's more people than live in Washington D.C., all potentially exposed to identity theft and financial fraud.
According to TechCrunch, Marquis confirmed the stolen data includes Social Security numbers - the golden ticket for identity thieves. These nine-digit identifiers can't be changed like a password, making them permanently valuable to criminals who can use them to open fraudulent accounts, file fake tax returns, or commit medical identity theft for years to come.
Ransomware attacks have evolved far beyond simple encryption schemes. Modern ransomware gangs now routinely steal data before encrypting it, giving them double leverage: they can threaten to lock systems and leak sensitive information. This dual-extortion approach has become the industry standard for cybercriminal operations, turning every breach into a potential data exposure event.
