Service Provider Breach Impacts 130,000 Customers of 1st MidAmerica Credit Union

A data breach at Marquis, a vendor for 1st MidAmerica Credit Union, exposed sensitive personal data belonging to over 130,000 people, the credit union said.

 

Marquis Software Solutions provides marketing and compliance services to over 700 banks and credit unions nationwide. Its clients include C1st, Banc of California, CoVantage Credit Union Inwood National Bank, Needham Bank, and more.

 

In a data security incident notice filed with the Office of Maine Attorney General, 1st MidAmerica Credit Union said that on  August 14, Marquis identified unauthorised activity within its internal network. The software solutions provider immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

It also took steps to secure the affected systems and notified relevant law enforcement authorities about the incident.

 

“On October 27, 2025, Marquis provided MACU with a list of MACU data which may have been accessed,” the financial organisation said.

 

The compromised data included names and other personal identifiers including Social Security Numbers. The filing with the Maine state regulator’s office also states that the financial organisation has identified at least 131,070 individuals affected by the incident.

 

1st MidAmerica Credit Union has confirmed that the incident was confined to Marquis systems, and that the bank’s own systems were not compromised.

 

The financial organisation has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and the state attorney general. 

 

It has also offered two years of complimentary identity protection and credit monitoring services through Epiq to all affected individuals.

 

CoVantage Credit Union was another Marquis client affected by the vendor’s cyber attack, reporting its own data security incident. Community 1st Credit Union (C1st) was also hit hard, confirming a major breach tied to the compromise of Marquis’ systems.