Recently, iQ reported to the Attorney General of Washington that it had experienced a data breach in which sensitive personal identifiable information in its care may have been compromised. According to the breach notice, on August 14, Marquis Software Solutions (“Marquis”), a third-party vendor for iQ, detected suspicious activity on its network and determined that it had experienced a ransomware attack.1 As a result, Marquis launched an investigation to determine the nature of the incident.
Through its investigation, Marquis confirmed to iQ that sensitive personal information in its systems may have been accessed and acquired by an unauthorized third party during the breach. As a result, Marquis began a review of the data to determine what information had been impacted as well as identify the specific individuals affected. While the information impacted varies depending on the individual, the type of information potentially exposed includes:
Name
Social Security number
Address
Phone number
Taxpayer identification number
Financial account information without security or access codes
Date of birth
As a result of the breach, on behalf of iQ, Marquis began mailing data breach notification letters to impacted individuals. Based on the breach notice sent to Washington residents, iQ and Marquis are providing affected individuals with a list of the specific types of sensitive information impacted and complimentary credit monitoring services. A link to the breach notificati
Source: https://straussborrelli.com/2025/12/04/iq-credit-union-data-breach-investigation/
IQ Solutions cybersecurity rating report: https://www.rankiteo.com/company/iq-solutions
"id": "IQ-1764897582",
"linkid": "iq-solutions",
"type": "Ransomware",
"date": "12/2025",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'incident': {'affected_entities': [{'customers_affected': 'Individuals whose '
'data was '
'compromised',
'industry': None,
'location': None,
'name': 'iQ',
'size': None,
'type': 'Company'},
{'customers_affected': None,
'industry': 'Software Solutions',
'location': None,
'name': 'Marquis Software Solutions',
'size': None,
'type': 'Third-party vendor'}],
'attack_vector': 'Third-party vendor compromise',
'customer_advisories': 'Data breach notification letters with '
'credit monitoring services',
'data_breach': {'data_encryption': None,
'data_exfiltration': 'Potential acquisition by '
'unauthorized third party',
'file_types_exposed': None,
'number_of_records_exposed': None,
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High (Personally '
'Identifiable '
'Information)',
'type_of_data_compromised': ['Name',
'Social Security '
'number',
'Address',
'Phone number',
'Taxpayer '
'identification '
'number',
'Financial account '
'information '
'without security '
'or access codes',
'Date of birth']},
'date_detected': '2023-08-14',
'description': 'iQ reported a data breach where sensitive '
'personal identifiable information may have been '
'compromised due to a ransomware attack on its '
'third-party vendor, Marquis Software Solutions. '
'The breach involved unauthorized access and '
'acquisition of personal data.',
'impact': {'brand_reputation_impact': 'Potential reputational '
'damage to iQ and Marquis',
'conversion_rate_impact': None,
'customer_complaints': None,
'data_compromised': 'Sensitive personal identifiable '
'information',
'downtime': None,
'financial_loss': None,
'identity_theft_risk': 'High',
'legal_liabilities': 'Potential legal actions due to '
'data breach',
'operational_impact': None,
'payment_information_risk': 'Moderate (financial '
'account information '
'without security/access '
'codes)',
'revenue_loss': None,
'systems_affected': 'Marquis Software Solutions '
'network'},
'initial_access_broker': {'backdoors_established': None,
'data_sold_on_dark_web': None,
'entry_point': None,
'high_value_targets': None,
'reconnaissance_period': None},
'investigation_status': 'Ongoing (as of breach notice)',
'post_incident_analysis': {'corrective_actions': None,
'root_causes': 'Ransomware attack on '
'third-party vendor '
'(Marquis Software '
'Solutions)'},
'ransomware': {'data_encryption': None,
'data_exfiltration': 'Potential',
'ransom_demanded': None,
'ransom_paid': None,
'ransomware_strain': None},
'references': [{'date_accessed': None,
'source': 'Breach notice to Attorney General of '
'Washington',
'url': None}],
'regulatory_compliance': {'fines_imposed': None,
'legal_actions': None,
'regulations_violated': None,
'regulatory_notifications': 'Notification '
'to '
'Attorney '
'General '
'of '
'Washington'},
'response': {'adaptive_behavioral_waf': None,
'communication_strategy': 'Breach notification '
'letters to affected '
'individuals',
'containment_measures': None,
'enhanced_monitoring': None,
'incident_response_plan_activated': None,
'law_enforcement_notified': None,
'network_segmentation': None,
'on_demand_scrubbing_services': None,
'recovery_measures': 'Mailing data breach '
'notification letters, '
'providing credit monitoring '
'services',
'remediation_measures': 'Review of impacted data, '
'identification of affected '
'individuals',
'third_party_assistance': None},
'title': 'iQ Data Breach via Third-Party Vendor Marquis Software '
'Solutions',
'type': 'Data Breach, Ransomware'}}