Marquis, a Texas-based data and analytics provider located at 5208 Tennyson Parkway in Plano, reported a cybersecurity breach on August 14, 2025. The breach impacted data belonging to Norway Savings Bank customers, as Marquis served as a vendor handling certain information on the bank’s behalf.
According to regulatory filings, the breach was discovered on the same day it occurred and stemmed from an external hacking incident that compromised personal identifiers stored in Marquis systems.
More than 51,000 individuals were affected, including over 44,000 Maine residents. Norway Savings Bank submitted the required disclosures through its Chief Risk Officer, who confirmed that the incident originated from Marquis’ systems rather than the bank’s internal environment.
What Information Was Exposed in the Marquis Data Breach?
The data accessed during the breach included names and other personal identifiers stored in Marquis systems for analytics and customer-communication purposes. While no financial-account credentials were reported as part of the exposure, compromised personal identifiers still carry heightened risks of identity theft and fraud.
Notification letters were mailed to affected individuals beginning November 21, 2025.
How Did Norway Savings Bank and Marquis Respond to the Data Breach?
Once the data breach was identified, Marquis launched an internal investigation to determine the root cause and scope of the incident. Norway Savings Bank also notified regulators and began coordinating customer outreach to ensure compliance with state and federal data breach requirements.
To help individuals safeguard their information, Marquis and Norway Savings Bank are offering IDX cybersecurity protection services. Depending on eligibility, customers may receive between 12 and 24 months of credit monitoring, dark web monitoring, and identity theft recovery tools.
Steps for Affected Customers to Protect Themselves
Customers impacted by the Marquis breach should remain vigilant and take proactive steps to secure their information. Monitoring financial accounts, reviewing credit reports, and watching for suspicious activity can help reduce the risk of unauthorized use.
Affected individuals should also take advantage of the complimentary IDX identity protection services, which provide tools to detect misuse early and support recovery if identity theft occurs.
Marquis Data Breach: What Solutions Can Victims Explore?
Individuals whose personal information was exposed in this vendor-related breach may have legal rights under state and federal privacy laws. When third-party providers fail to maintain reasonable security practices, affected customers may be entitled to compensation or additional remedies.
Almeida Law Group is currently reviewing the Marquis incident and helping consumers understand their legal options following vendor-related breaches. If you received a notification letter, our team can evaluate your rights and potential next steps.
