On August 14, 2025, CoVantage Credit Union suffered a data breach via its third-party vendor, **Marquis Software Solutions**, which handles digital and physical marketing services. An unauthorized third party accessed Marquis’ systems, potentially acquiring sensitive personal information of members, including **names, addresses, phone numbers, Social Security numbers, financial account details, and dates of birth**. While the breach was confined to Marquis’ environment and did not compromise CoVantage’s internal systems, at least **22 individuals in New Hampshire were confirmed affected**, with broader exposure likely across states like Wisconsin, Michigan, and Illinois. The breach was disclosed to authorities on **November 26, 2025**, following an investigation that began in September. Affected individuals were offered **24 months of credit monitoring, identity theft insurance ($1M), dark web monitoring, and restoration services** through Epiq Privacy Solutions. The incident highlights risks tied to third-party vendor vulnerabilities, exposing customers to potential **identity theft, financial fraud, and long-term reputational harm** for the credit union. Vigilance via credit freezes and monitoring was strongly advised for impacted members.
Source: https://www.claimdepot.com/data-breach/covantage-credit-union-2025
CoVantage Credit Union cybersecurity rating report: https://www.rankiteo.com/company/covantage-credit-union
"id": "COV4964449112725",
"linkid": "covantage-credit-union",
"type": "Breach",
"date": "8/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'At least 22 in New Hampshire '
'(total number likely higher '
'across other states)',
'industry': 'Financial Services',
'location': ['Northern Wisconsin',
'Upper Michigan',
'Illinois',
'New Hampshire'],
'name': 'CoVantage Credit Union',
'type': 'Credit Union'},
{'industry': 'Digital and Physical Marketing Services',
'name': 'Marquis Software Solutions',
'type': 'Third-Party Vendor'}],
'customer_advisories': ['Mailed notifications with enrollment instructions '
'for credit monitoring',
'Dedicated response line (855-403-1764) for '
'questions'],
'data_breach': {'data_exfiltration': 'Likely (files containing sensitive data '
'acquired by unauthorized third party)',
'number_of_records_exposed': 'At least 22 (New Hampshire); '
'total unknown (likely higher '
'across other states)',
'personally_identifiable_information': ['Names',
'Addresses',
'Phone numbers',
'Social Security '
'numbers',
'Dates of birth'],
'sensitivity_of_data': 'High (includes SSNs, financial '
'account information)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Financial Data']},
'date_detected': '2025-08-14',
'date_publicly_disclosed': '2025-10-27',
'description': 'On Aug. 14, 2025, CoVantage Credit Union, through its '
'third-party vendor Marquis Software Solutions, experienced a '
'data breach affecting some of its members. An unauthorized '
'third party accessed Marquis’ systems and may have acquired '
'files containing sensitive personal information, including '
'names, addresses, phone numbers, Social Security numbers, '
'financial account information, and dates of birth. The breach '
'was limited to Marquis’ environment and did not impact '
'CoVantage Credit Union’s internal systems. Marquis launched '
'an investigation with cybersecurity experts, notified federal '
'law enforcement, and began notifying clients on Oct. 27, '
'2025. Affected individuals are being offered 24 months of '
'complimentary credit monitoring and identity protection '
'services.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'exposure of sensitive member data',
'data_compromised': ['Names',
'Addresses',
'Phone numbers',
'Social Security numbers',
'Financial account information',
'Dates of birth'],
'identity_theft_risk': 'High (due to exposure of SSNs, financial '
'data, and PII)',
'payment_information_risk': 'High (financial account information '
'exposed)',
'systems_affected': "Marquis Software Solutions' network "
'(third-party vendor)'},
'investigation_status': 'Ongoing (as of latest disclosure)',
'recommendations': ['Monitor account statements and credit reports for '
'unauthorized activity',
'Enroll in complimentary credit monitoring services',
'Consider placing a fraud alert or security freeze on '
'credit reports',
'Remain vigilant for signs of identity theft'],
'references': [{'date_accessed': '2025-11-26',
'source': 'New Hampshire Attorney General’s Office'}],
'regulatory_compliance': {'regulatory_notifications': ['New Hampshire '
'Attorney General '
'(disclosed on '
'2025-11-26)']},
'response': {'communication_strategy': ['Mailed notifications to affected '
'individuals with enrollment '
'instructions',
'Public disclosure via New Hampshire '
'Attorney General’s website '
'(2025-11-26)',
'Encouragement for vigilance '
'(monitoring account statements, '
'credit reports, fraud alerts, '
'security freezes)'],
'incident_response_plan_activated': True,
'law_enforcement_notified': True,
'recovery_measures': ['24 months of complimentary credit '
'monitoring and identity protection '
'services (via Epiq Privacy Solutions ID)',
'Three-bureau credit monitoring',
'Credit report and score access',
'$1 million in identity theft insurance',
'Dark web monitoring',
'Lost wallet assistance',
'Identity restoration services',
'Dedicated response line (855-403-1764)'],
'remediation_measures': ['Investigation to identify affected '
'individuals and compromised data',
'Notification to clients and affected '
'members'],
'third_party_assistance': 'Cybersecurity experts engaged for '
'investigation'},
'threat_actor': 'Unauthorized third party',
'title': 'CoVantage Credit Union Data Breach via Third-Party Vendor Marquis '
'Software Solutions',
'type': 'Data Breach'}