Norway Savings Bank, Via Marquis Data Breach Affects 51,000

On Aug. 14, 2025, Norway Savings Bank, a mutual financial institution providing a variety of personal and business banking services, experienced a significant data breach via a third-party data services provider (Marquis Software Solutions) that has impacted at least 51,000 NSB customers and potentially thousands of others across the U.S.

Marquis discovered that an external actor gained unauthorized access to certain portions of its data environment on Aug. 14, 2025, and notified affected financial institutions, including Norway Savings Bank. The breach did not involve Norway Savings Bank’s own internal systems, but rather occurred at Marquis. Reporting indicates that Marquis paid a ransomware bounty shortly after learning of the data breach.

The breach exposed sensitive personally identifiable information (PII), including names, addresses, dates of birth, Social Security numbers, tax ID numbers and financial account information. The exposure of PII of this magnitude puts individuals at risk of identity theft and financial fraud.

The bank disclosed the cybersecurity event to the Maine Attorney General’s office and the Massachusetts Attorney General on Nov. 21, 2025. At least 44,259 residents in the Maine were impacted by the data breach. Notices to affected consumers were sent in writing on Nov. 21, 2025.

The bank also posted a Data Security Incident at Third-Party Provider notice on its website.

Norway Savings Bank's response

In response to the breach, Marquis and Norway Savings Bank have taken several steps to support affected individuals. The bank has implemented additional fraud monitoring measures and evaluated customer accounts for signs of misuse or fraudulent transactions. Norway Savings Bank is also offering complementary credit monitoring through IDX for impacted individuals.

If you receive notification from Norway Savings Bank about this breach, you may want to:

• Sign up for the free credit monitoring services, offered by the company.
• Monitor your credit reports and financial accounts for any unusual activity.
• Be alert for phishing emails or phone calls that may use your exposed information.
• Consider placing a fraud alert or credit freeze with major credit bureaus.