CoVantage CU Confirms 160,000 Impacted in Vendor Data Security Incident

CoVantage Credit Union disclosed that a data breach at its service provider, Marquis, compromised sensitive personal information for 160,000 customers.

 

Marquis Software Solutions provides marketing and compliance services to over 700 banks and credit unions nationwide. Its clients include C1st, Banc of California, CoVantage Credit Union Inwood National Bank, Needham Bank, and more.

 

In a data security incident notice filed with the Office of Maine Attorney General, CoVantage said that on  August 14, Marquis identified unauthorised activity within its internal network. The software solutions provider immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

It also took steps to secure the affected systems and notified relevant law enforcement authorities about the incident.

 

“Our investigation determined that an unauthorised third party accessed our network and may have accessed and acquired certain files from our systems. Importantly, your financial institution’s internal systems were not impacted; the incident was limited to Marquis’ environment,” Marquis said.

 

The compromised data included names and other personal identifiers including social security numbers. The filing with the Maine state regulator’s office also states that CoVantage has identified at least 160,000 individuals affected by the incident.

 

While Marquis found no evidence of the compromise data being misused, it has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and the state attorney general. 

 

It has also offered complimentary identity protection and credit monitoring services through Epiq to all affected individuals.

 

Norway Savings Bank has become another Marquis client affected by the vendor’s cyberattack, reporting its own data security incident. Community 1st Credit Union (C1st) was also hit hard, confirming a major breach tied to the compromise of Marquis’ systems.