Marquis, a Texas-based banking technology vendor, disclosed a ransomware attack resulting in exfiltration of sensitive data for approximately 672,000 individuals including names, addresses, and payment card numbers, with downstream exposure extending to financial institutions that use Marquis as a technology vendor. No CVE is assigned; the incident maps to CWE-693 (Protection Mechanism Failure) and ATT&CK techniques T1486, T1041, T1190, and T1078, though no specific attack vector or threat actor has been publicly confirmed. Organizations with active Marquis integrations should audit data-sharing connections, rotate API keys and shared credentials, obtain written remediation confirmation from Marquis before restoring integrations, and assess breach notification obligations under applicable state laws and GLBA with legal counsel. Source quality is T3 (media reporting); verify against an official Marquis advisory or regulatory filing when available.