On August 14, 2025, a significant data breach involving Maine State Credit Union was discovered after Marquis Software Solutions Inc., a third-party digital and physical marketing vendor, detected suspicious activity on its network. The investigation revealed Marquis was the victim of a ransomware attack, with the unauthorized party gaining access to the network through its SonicWall firewall. This breach allowed the attacker to potentially acquire files containing sensitive information from Marquis’ systems. According to a disclosure filed with the Maine Attorney General’s office on Dec. 2, 2025, the Marquis cybersecurity incident impacted 38,334 Maine residents associated with Maine State Credit Union. The types of consumer information exposed included names, addresses, phone numbers, Social Security numbers, Taxpayer Identification Numbers, financial account information and dates of birth. This information is considered personally identifiable information (PII), and significantly raises the risk of identity theft and fraud for impacted individuals. Maine State Credit Union’s response After discovering the breach, Marquis promptly launched an investigation, engaged cybersecurity experts through legal counsel and notified federal law enforcement. Marquis then conducted a thorough review of the compromised files to determine the scope and nature of the data involved. By late October, Marquis began notifying affected business customers, including Maine State Credit Union,

CoVantage Credit Union and Marquis Software Solutions Data Breach

Marquis Software Solutions, a Texas-based technology provider serving over 500 banks and credit unions, detected unauthorized network activity on **August 14, 2025**. A third-party breach investigation confirmed that an attacker accessed and exfiltrated sensitive files from its systems, exposing personally identifiable information (PII) of individuals associated with clients like CoVantage Credit Union. The compromised data included **names, addresses, phone numbers, Social Security numbers, financial account details, and dates of birth**—high-risk information for identity theft and financial fraud. Notifications to affected individuals began in **late October 2025**, with at least **22 New Hampshire residents confirmed impacted** as of November 26, 2025. While the breach was isolated to Marquis’ environment (sparing CoVantage’s internal systems), the scale of exposed data—particularly **SSNs and financial records**—poses severe risks of fraud, phishing, and long-term identity exploitation. Marquis offered **24 months of credit monitoring** via Epiq Privacy Solutions, but the incident underscores systemic vulnerabilities in third-party vendors handling sensitive financial data. Legal firms are pursuing class-action lawsuits for compensation, citing negligence in safeguarding consumer information.

Marquis Software Solutions Ransomware and Data Breach (2025)

On August 14, 2025, Marquis Software Solutions—a technology vendor serving banks and credit unions—detected suspicious network activity, later confirmed as a **ransomware attack**. Despite paying a ransom, sensitive member data (including PII such as names, dates of birth, account numbers, and Social Security/Tax ID numbers) was exposed on the black market. The breach impacted **6,876 members**, including **6,511 Iowa residents**, with data dating prior to 2020. The exposure poses risks of **identity theft and financial fraud**, prompting notifications to affected individuals, law enforcement, and the Iowa Attorney General (November 7, 2025). Marquis offered complimentary identity protection services (credit/dark web monitoring, identity restoration) to mitigate harm. The incident underscores vulnerabilities in third-party vendor security, with long-term reputational and financial consequences for both Marquis and its client institutions, including **Community 1st Credit Union**.