Marquis Companies Data Breach Exposes SSNs & Medical Info

Marquis Companies, a leading provider in the hospital and health care industry, recently experienced a significant data breach. The compromised information includes both personally identifiable information (PII) and protected health information (PHI) of current and former residents.

The breach occurred between Aug. 9, 2025, and Sept. 10, 2025, and was discovered by the company on Aug. 17, 2025. According to a disclosure made to the Oregon Attorney General’s office on Nov. 21, 2025, the incident involved a ransomware attack carried out by the LYNX group, who claimed responsibility and posted about the breach on the dark web on Oct. 21, 2025.

The LYNX ransomware group reportedly infiltrated Marquis Companies’ network, exfiltrating sensitive data before encrypting systems. Exposed information included names, addresses, dates of birth, Social Security numbers, medical information, health insurance details, and possibly other personal records related to senior care services.

The breach’s severity is underscored by the deliberate targeting and theft of sensitive data, with the attackers threatening to release or sell the information if their demands were not met. Marquis Companies formally notified impacted individuals by mail on Nov. 21, 2025.

Marquis Companies’ response

In response to the ransomware attack, Marquis Companies launched an internal investigation and engaged cybersecurity professionals to assess the scope of the breach and secure their systems.

If you believe your personal information may have been compromised in this breach:

• Carefully review any notice or communication you receive from Marquis Companies or a company that does business with Marquis Companies.
• Monitor financial accounts and credit reports for signs of identity theft.
• Consider placing fraud alerts or credit freezes with the major credit bureaus.
• Be cautious of unsolicited emails or phone calls requesting personal information.