Multiple High-Profile Data Leaks and Ransomware Attacks Impact Financial and Government Entities
Several significant data leaks and ransomware incidents have surfaced, affecting a range of organizations including Banco Vimenca, WIRED subscribers, Mexico’s Tax Administration Service (SAT), and New Zealand’s Neighbourly platform. Threat actors have claimed responsibility for exposing sensitive data such as government financial records, large-scale subscriber information, and user communications, with some incidents linked to ransomware groups. While the authenticity of these dark web postings remains unverified, the breadth of affected entities highlights ongoing risks to both financial institutions and government agencies from cybercriminal activity.
In the United States, two banks—Artisans' Bank and VeraBank—have notified thousands of customers that their personal information was compromised in a ransomware attack on Marquis Software, a vendor providing data analytics and communication services to financial institutions. The attack, traced to a vulnerability in a SonicWall firewall, resulted in the exposure of names and Social Security numbers, though the banks’ own systems were not directly breached. These incidents underscore the persistent threat posed by supply chain vulnerabilities and the importance of robust third-party risk management for organizations handling sensitive data.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
5 events from the most recent confirmed update back to the earliest known activity.
VeraBank notifies customers affected by Marquis supplier breach
In late December 2025, VeraBank also began notifying customers that their data was exposed in the Marquis Software incident. The notifications added to estimates that the total number of affected individuals exceeded 1.4 million across multiple institutions.
Artisans' Bank begins notifying customers of Marquis-linked breach
In late December 2025, Artisans' Bank disclosed that customer information was compromised through the Marquis Software attack and began notifying affected individuals. Reported exposed data included personal identifiers and financial information, and the bank offered credit monitoring.
Marquis breach first disclosed to regulators in Iowa
Marquis Software first publicly disclosed the incident in a notification to Iowa regulators on 2025-11-26. The filing described exposure of sensitive personal and financial data tied to customers of banking clients.
Marquis notifies law enforcement and affected institutions
After discovering the August attack, Marquis Software notified federal law enforcement and informed affected client institutions about the breach. The company did not publicly attribute the attack to a specific ransomware group.
Ransomware attack hits Marquis Software via SonicWall firewall
On 2025-08-14, attackers breached Marquis Software Solutions' environment through its SonicWall firewall in a ransomware-related incident. The compromise exposed data that Marquis maintained for banks and credit unions, rather than directly breaching the financial institutions' own systems.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
4 references tracked. Mallory keeps watching after this page renders.
More Banks Issue Breach Notifications Over Supplier Breach
bankinfosecurity.com
Open sourceMore Banks Issue Breach Notifications Over Supplier Breach
govinfosecurity.com
Open sourceBanco Vimenca, WIRED, and Government Data Leaks Surface on Dark Web
socradar.io
Open sourceTwo more banks notifying thousands of victims about Marquis Software ransomware attack
therecord.media
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Ransomware and data-extortion incidents drive new breach disclosures across healthcare, aviation, and hospitality
Multiple organizations disclosed or were linked to **ransomware/data-extortion** activity with material operational or privacy impact. **Air Côte d’Ivoire** confirmed a cyberattack affecting parts of its information systems after **INC ransomware** claimed theft of **208 GB** and threatened to leak data, while the airline said it engaged the national CERT and external experts to contain impact and maintain flight operations. In the US healthcare sector, **University of Mississippi Medical Center (UMMC)** reported a ransomware incident that forced statewide clinic closures and disrupted access to **Epic** electronic medical records, prompting engagement with the **FBI** and **CISA** and use of downtime procedures to sustain patient care. Separately, **Conduent**’s earlier ransomware-linked breach continued to expand in scope, with breach notifications indicating at least **~25 million** people affected across multiple states and exposure of sensitive PII (including **SSNs** and health/insurance data). **Wynn Resorts** also confirmed an unauthorized party accessed and stole employee data after being listed by the **ShinyHunters** extortion group, with the company stating the actor claimed the data was deleted and that guest operations were not impacted. Other items in the set describe distinct, unrelated security events and broader threat research rather than the same incident: alleged data leaks involving **Burger King France** and **Wendy’s UK**; **Qilin** ransomware claims against a New York City transit union; Russian cyber operations against Ukraine’s power grid focused on intelligence collection; and a New Zealand healthcare application (**MediMap**) taken offline after apparent unauthorized access and **patient record tampering** (e.g., records marked deceased). Additional references cover threat research and trends (airline brand impersonation domains, edge-device exploitation telemetry, MuddyWater’s *Operation Olalampo*, Google Ads cloaking via **1Campaign**, freight/logistics phishing by “Diesel Vortex,” and various governance/AI/5G/quantum commentary), which provide context on the threat environment but do not substantively report on the same specific breach event.
Mar 21, 2026
Ransomware and data-breach disclosures across education, critical infrastructure, and healthcare
Rome’s **La Sapienza University** shut down network systems as a precaution after a cyberattack caused widespread disruption and left its website offline; Italian media attributed the incident to a suspected ransomware operation linked to pro-Russian actor **Femwar02**, with reported tradecraft resembling **Bablock/Rorschach**-style fast encryption. Separately, Romania’s national oil pipeline operator **Conpet** reported a cyberattack that disrupted corporate IT and took down `www.conpet.ro` while leaving **OT/SCADA** and pipeline transport operations unaffected; **Qilin** claimed responsibility, alleging theft of nearly **1TB** of data and posting sample documents (including financial data and passport scans) to support extortion claims. In the U.S., government services contractor **Conduent** faced expanding breach impact from its January 2025 ransomware incident, with notifications indicating exposure potentially reaching **dozens of millions**; reported affected data includes **names, Social Security numbers, and medical/health insurance information**, with at least **15.4M** impacted in Texas and **10.5M** in Oregon per state disclosures. Additional healthcare-sector disclosures included a ransomware-linked intrusion at **Insightin Health** (unauthorized access in September 2025; **Medusa** claimed exfiltration of **378GB**) and a separate compromise at **Clinic Service Corporation** (August 2025 access window), while **Central Ozarks Medical Center** reported a criminal cyberattack affecting **11,818** individuals with exposure of PHI/PII (including SSNs and financial/insurance data). Other items in the set were not incident-specific: an **HHS-OIG** audit describing web application security weaknesses at a large hospital, and general guidance/education pieces on the value of medical records to attackers and **CISA** insider-threat guidance.
Mar 21, 2026
Multiple Healthcare and Insurance Data Breaches Impacting Millions
Several major organizations in the healthcare and insurance sectors have disclosed significant data breaches affecting millions of individuals. ARC Community Services reported a ransomware attack by the INC Ransom group, resulting in the exfiltration of sensitive patient data, including health and financial information. Aflac confirmed that a June cyberattack led to the theft of files containing insurance claims, health data, and Social Security numbers for over 22 million customers, with no operational disruption but widespread exposure of personal information. The Louisiana Office of Student Financial Assistance (LOSFA) notified students of unauthorized access to its systems, exposing names and Social Security numbers, though certain savings accounts were not affected. Oklahoma Spine Hospital agreed to a $1.1 million settlement following a July breach that compromised the data of nearly 39,000 patients, including medical and financial details. These incidents highlight the ongoing threat posed by cybercriminals targeting sensitive data in the healthcare and insurance industries. Victims in these breaches are being offered credit monitoring and identity protection services, and regulatory notifications have been issued. The attacks have prompted legal action, regulatory scrutiny, and, in some cases, leadership changes within affected organizations. Law enforcement and cybersecurity experts have been engaged to investigate and mitigate the impact of these breaches, which are part of a broader trend of targeted attacks against organizations handling large volumes of personal and health-related information.
Mar 21, 2026