More than 700 credit unions and banks were placed on high alert after Marquis Software Solutions, a marketing and communications vendor based in Plano, Texas, disclosed it was the victim of a ransomware attack Aug. 14. However, the company did not begin notifying affected financial institutions until late October.
“Between October 27, 2025 and November 25, 2025, Marquis notified the affected business customer data owners about the potential involvement of personal information collected through them,” Steven W. Wernikoff , Partner of Honigman LLP in Chicago, wrote in a letter to Washington State regulators on Nov. 26. “Since then, Marquis has been working with some of those data owners - at their directions - to facilitate appropriate notifications to individuals and regulatory bodies.”
Some state regulators were notified this week.
According to Marquis’ forensic investigation, the files potentially accessed by an unauthorized party included personal information received from certain business customers, such as names, addresses, phone numbers, Social Security numbers, Taxpayer Identification Numbers, financial account information (excluding security or access codes) and dates of birth.
The investigation also revealed that an authorized third party accessed Marquis’ network through its “SonicWall firewall” on Aug. 14, but this incident was limited to the vendor’s environment.
“At this time, Marquis has no evidence of misuse or attempted misuse of this personal information as a result of this incident,” Wernikoff wrote.
In Washington State, 269,773 individuals may have been affected. Wernikoff’s letter included 30 credit unions, among them the Richland-based Gesa Credit Union, which serves more than 312,000 members.
Some listed credit unions are based outside Washington but have members in the state. The Tampa, Fla.-based Suncoast Credit Union, with more than $19 billion in assets, reported 1,017 affected members in Washington.
“We can confirm that we are aware of the breach perpetrated on our former third-party vendor, Marquis Software Solutions,” the credit union said in a statement. “Our top priority is the safety and security of our members' accounts and their privacy. We take great measures to protect and safeguard member information, which includes robust third-party due diligence and extensive security requirements.”
Suncoast also said it is working through the proper channels to mitigate the impact of this breach, and is urging its members to be vigilant in monitoring their accounts.
“As this is an ongoing situation, we are unable to provide further information at this time,” the credit union stated.
Suncoast currently serves more than 1.3 million members.
The Texas Attorney General’s office reported this week that 354,289 individuals may be affected by the Marquis ransomware breach.
Additionally, the office of consumer affairs and business regulation in Massachusetts reported that 280,375 residents may be affected, and the Attorney General’s office in Maine reported 42,784 residents may have been impacted.
Maine officials also published a list of 67 affected financial institutions, including 47 credit unions and 20 banks that may be affected by the breach. Among them was the $753 million Maine State Credit Union in Augusta, which serves 38,334 members.
“Maine State Credit Union takes the protection of its member information seriously. The Marquis event did not impact our operations or internal systems, and our member accounts and financial information remain secure,” the credit union said. "We take fraud seriously, have strong processes and procedures in place, and will continue to monitor all accounts vigilantly. We do not anticipate that our members’ accounts will be affected or misused by this event.”
As a precaution, Maine State CU arranged for Marquis to provide free credit monitoring and identity protection services to all members.
In addition to providing those services, Marquis has contacted its former customers.
The $2.1 billion Westerra Credit Union in Denver, was one of them.
“Marquis Software Solutions was a former vendor, and our relationship with them ended in August 2022. The recent incident they reported occurred several years after our partnership concluded, and it has not impacted our operations,” Nichol Andrushko, Westerra’s vice president of marketing, said. “We also have no indication of any unauthorized activity within Westerra’s environment.”
Peter Strozniak can be reached at peter.strozniak@arc-network.com
© Arc, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to TMSalesOperations@arc-network.com. For more information visit Asset & Logo Licensing.