Community 1st Credit Union, a not-for-profit financial cooperative serving Iowa and Missouri, experienced a data breach through its third-party vendor, Marquis Software Solutions (a marketing and compliance software provider). Initially believed to involve no sensitive data, further investigation confirmed that personally identifiable information (PII) of 6,876 members including names, dates of birth, Social Security/Tax ID numbers, addresses, phone numbers, email addresses, and financial details was exposed. The breach was discovered in August 2025, with confirmation of sensitive data exposure on October 27, 2025. Affected individuals were notified in November 2025. The incident poses risks of identity theft, financial fraud, and unauthorized account activity, prompting the credit union to offer free identity theft protection services and legal recourse for compensation.
Source: https://www.claimdepot.com/investigations/community-1st-credit-union-data-breach-2025
TPRM report: https://www.rankiteo.com/company/community-1st-credit-union
"id": "com0803208111825",
"linkid": "community-1st-credit-union",
"type": "Breach",
"date": "8/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '6,876 (6,511 in Iowa)',
'industry': 'Financial Services',
'location': 'Iowa and Missouri, USA',
'name': 'Community 1st Credit Union',
'type': 'Credit Union'},
{'industry': 'Financial Technology (FinTech)',
'name': 'Marquis Software Solutions',
'type': 'Vendor (Software Provider)'}],
'customer_advisories': ['Free identity theft protection services offered via '
'Epiq Privacy Solutions',
'Recommendations for fraud alerts, credit monitoring, '
'and legal consultation'],
'data_breach': {'data_exfiltration': 'Yes',
'number_of_records_exposed': '6,876 (6,511 in Iowa)',
'personally_identifiable_information': ['Name',
'Date of birth',
'Social Security '
'number or Tax ID '
'number',
'Address',
'Phone number',
'Email address'],
'sensitivity_of_data': 'High (includes SSNs, financial data)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Financial Information']},
'date_detected': '2025-08',
'date_publicly_disclosed': '2025-10-27',
'description': 'Shamis & Gentile P.A. is investigating a data breach at '
'Marquis Software Solutions, a vendor used by Community 1st '
'Credit Union for marketing services. The breach exposed '
'nonpublic personal information (PII) of over 6,876 members, '
'including names, Social Security numbers, addresses, phone '
'numbers, email addresses, and financial information. '
'Community 1st Credit Union began notifying affected '
'individuals on November 17, 2025.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'exposure of sensitive member data',
'data_compromised': ['Name',
'Date of birth',
'Social Security number or Tax ID number',
'Address',
'Phone number',
'Email address',
'Financial information'],
'identity_theft_risk': 'High (PII including SSNs exposed)',
'legal_liabilities': 'Potential lawsuits and compensation claims '
'for affected individuals',
'payment_information_risk': 'Moderate (financial information '
'exposed)'},
'investigation_status': 'Ongoing (led by Shamis & Gentile P.A.)',
'recommendations': ['Sign up for free identity theft protection services '
'(Epiq Privacy Solutions)',
'Monitor financial accounts for suspicious activity',
'Place fraud alerts on credit reports',
'Request free annual credit reports from major bureaus',
'Seek legal counsel for potential compensation claims'],
'references': [{'source': 'Shamis & Gentile P.A. Investigation Notice'}],
'regulatory_compliance': {'legal_actions': 'Potential lawsuits and '
'compensation claims '
'(investigation ongoing by Shamis '
'& Gentile P.A.)'},
'response': {'communication_strategy': 'Written notification letters sent to '
'affected members on 2025-11-17',
'incident_response_plan_activated': 'Yes (investigation '
'conducted, notifications '
'sent)',
'remediation_measures': ['Free identity theft protection '
'services (Epiq Privacy Solutions)',
'Fraud alerts and credit report '
'monitoring recommended for affected '
'individuals'],
'third_party_assistance': 'Epiq Privacy Solutions (identity '
'theft protection services)'},
'stakeholder_advisories': 'Written notifications sent to affected members on '
'2025-11-17',
'title': 'Community 1st Credit Union (Marquis Software Solutions) Data Breach',
'type': 'Data Breach'}