Norway Savings Bank Data Breach Class Action (Marquis)
Data Breach · Lawsuit Filed

Norway Savings Bank Customers File Class Actions Over the Marquis Software Data Breach

Published July 9, 2026

Norway Savings Bank's own systems were not hacked — one of its software vendors was. But it is the bank's customers, including tens of thousands of Mainers, whose Social Security numbers were caught up in it.

A bank ATM representing the Norway Savings Bank customers whose data was exposed in the Marquis Software Solutions breach
Norway Savings Bank, a Maine community bank, notified about 51,000 customers after a breach at its vendor Marquis Software Solutions.
Allegations Only · No Settlement Yet

This article describes class action complaints. The statements below are unproven allegations. No defendant has been found liable, there is no certified class, and nothing to claim at this time. This page is informational and is not legal advice.

What Is This About?

About 51,000 Norway Savings Bank customers — a Maine mutual community bank — had their personal information exposed in a data breach, and class action litigation has followed. The catch is that the breach did not happen at the bank itself. It happened at one of its technology vendors, Marquis Software Solutions, Inc., a Texas fintech firm that provides marketing and data services to more than 700 banks and credit unions. Norway Savings Bank is one of more than 70 financial institutions caught up in the same vendor incident.

The lawsuits are proceeding in the U.S. District Court for the Eastern District of Texas, where a group of proposed class actions over the Marquis breach is being consolidated as In re Marquis Software Solutions, Inc. Data Breach Litigation. Confirmed member cases include Brown v. Marquis Software Solutions, Inc., No. 4:25-cv-01322, and additional complaints — some of which name Norway Savings Bank as a co-defendant for entrusting its customers' data to the vendor. The cases are at the complaint stage: the allegations are unproven, no class has been certified, and there is no settlement and nothing to claim.

Status Complaints Filed & Being Consolidated In re Marquis Software Solutions Data Breach Litigation · E.D. Tex. · filed late 2025
Norway Savings Bank Customers Affected ~51,000 (about 43,000 Maine residents) Part of a larger vendor breach across 70+ banks and credit unions
Reportedly Exposed Names, addresses, DOB, Social Security & tax ID numbers, financial account info Per the breach notices and the complaints
Can I Claim? No — nothing to claim yet No settlement or claim form · Norway Savings Bank is offering free credit monitoring

The Vendor Breach Behind the Lawsuits

According to the breach notices, an unauthorized actor gained access to the Marquis data environment in an incident dated to around August 14, 2025; it has been reported as a ransomware attack carried out through a firewall vulnerability, though those specifics come from reporting rather than a court finding. Marquis's investigation reportedly concluded in late October 2025, and Norway Savings Bank notified the Maine and Massachusetts attorneys general on November 21, 2025 before sending customer notices.

Because Marquis serves hundreds of institutions, the total reach is far larger than any one bank. Vendor-wide figures reported in different filings and notices have ranged widely — from around 217,000 in one early complaint to more than 672,000 in a later regulatory filing, with law-firm investigations citing figures approaching 780,000 people across 74-plus institutions. Those are the aggregate Marquis numbers and should not be confused with Norway Savings Bank's own figure of roughly 51,000 customers. Other named institutions include CoVantage Credit Union (about 160,000 members) and Maine State Credit Union (about 38,334).

What Was Exposed

For affected Norway Savings Bank customers, the exposed information reportedly includes names, addresses, dates of birth, Social Security numbers, tax identification numbers, and financial account information. That combination — identity data plus financial-account details — is the kind that supports both identity theft and account fraud, which is why the breach notices pair the disclosure with an offer of credit monitoring. Roughly 43,000 of the affected customers are Maine residents, making this a significant incident for the state.

What the Lawsuits Allege

The complaints bring the standard data-breach theories: negligence, breach of implied contract, and unjust enrichment. Plaintiffs allege that Marquis failed to implement reasonable, industry-standard safeguards, and that Norway Savings Bank negligently entrusted its customers' sensitive data to a vendor without ensuring it was adequately protected. Some complaints also fault the notification timeline. Plaintiffs seek damages, longer-term credit monitoring, and injunctive relief requiring better security. These are allegations; the defendants have not been found liable, and the litigation is only beginning to take shape as the related cases are consolidated.

Is There a Settlement?

No. Consolidating related complaints is an early housekeeping step, not a resolution. There is no settlement, no fund, no claim form, and no deadline, and no class has been certified. If the litigation later settles, a court-appointed administrator would issue notice and open a claims process — we will update this page and our data breach settlements hub if that happens. In the meantime, the only thing being offered is the free credit monitoring in the bank's own breach notice.

What Should Affected Customers Do Now?

Enroll in the complimentary credit monitoring and identity-theft protection Norway Savings Bank is offering — there is no reason to leave that on the table. Because Social Security numbers and financial data were reportedly involved, a credit freeze with the three major bureaus is the strongest protection, and it is free. Watch for phishing that references your bank or account, and review your statements and credit reports for anything unfamiliar. Keep any notice you receive; if a settlement is reached later, that notice is usually how class members file. For how vendor-breach cases like this tend to unfold, see our data breach coverage.

This page is informational and is not legal advice.

Frequently Asked Questions

Has a class action been filed over the Norway Savings Bank data breach?

Yes — proposed class actions over the underlying Marquis Software Solutions breach are being consolidated in the Eastern District of Texas as In re Marquis Software Solutions, Inc. Data Breach Litigation (confirmed member cases include Brown v. Marquis, No. 4:25-cv-01322), including complaints that name Norway Savings Bank. All claims are unproven; no class is certified.

How many customers were affected?

Norway Savings Bank reported about 51,000 customers, roughly 43,000 of them in Maine — part of a larger Marquis vendor breach affecting 70+ institutions.

Were Social Security numbers exposed?

Yes — the exposed data reportedly included Social Security numbers, tax ID numbers, and financial account information, along with names, addresses, and dates of birth. A credit freeze is worth considering.

Is there a settlement or claim form?

No. There is no settlement, fund, claim form, or deadline. The bank is offering free credit monitoring through its breach notice; that is separate from any future litigation payout.

Sources

CourtListener — Brown v. Marquis Software Solutions, Inc., 4:25-cv-01322 (E.D. Tex.)
Justia Dockets — Domenichello v. Marquis Software Solutions, Inc., 4:25-cv-01284 (E.D. Tex.)
Norway Savings Bank — Data Security Notice
Bangor Daily News — Data Breach at Norway Savings Bank
BankInfoSecurity — Marquis Software Vendor Breach


For more class actions keep scrolling below.
Status Complaints filed & consolidating — no class certified, no settlement
Consolidated Caption In re Marquis Software Solutions, Inc. Data Breach Litigation
Confirmed Case Brown v. Marquis Software Solutions, Inc., 4:25-cv-01322 (includes suits naming Norway Savings Bank)
Court U.S. District Court, Eastern District of Texas (Sherman Division)
Data Exposed Names, addresses, DOB, SSNs, tax IDs, financial account information

More Data Breach Cases