Shamis & Gentile P.A., one of the nation's premier class action law firms specializing in data breach cases, is investigating the Maine State Credit Union data breach.
If you were affected by the data breach, your sensitive personally identifiable information may have been exposed, and you may be eligible for compensation.
About Maine State Credit Union
Maine State Credit Union is a financial institution based in Maine, serving more than 35,000 members. Established in 1935, it began as a banking option for state employees and has since expanded its membership eligibility to include people who live, work, worship, or attend school in several counties across the state.
The credit union offers a wide range of financial services, including checking and savings accounts, loans, credit cards, and digital banking options.
What Happened?
On Aug. 14, 2025, Marquis Software Solutions, a vendor providing digital and physical marketing services to Maine State Credit Union, detected suspicious activity on its network. Marquis determined it was the victim of a ransomware attack, and an unauthorized third party accessed its systems through a SonicWall firewall.
After a forensic investigation, Marquis found that files containing personal information from Maine State Credit Union members may have been accessed and acquired. Marquis notified affected business customers between Oct. 27 and Nov. 25, 2025, and has been working to provide notifications to individuals and regulatory bodies.
Maine State Credit Union cybersecurity rating report: https://www.rankiteo.com/company/maine-state-credit-union
"id": "MAI1764797327",
"linkid": "maine-state-credit-union",
"type": "Ransomware",
"date": "12/2025",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'incident': {'affected_entities': [{'customers_affected': None,
'industry': 'Banking/Financial Services',
'location': 'Maine, USA',
'name': 'Maine State Credit Union',
'size': '35,000+ members',
'type': 'Financial Institution (Credit '
'Union)'},
{'customers_affected': None,
'industry': 'Technology/Software',
'location': None,
'name': 'Marquis Software Solutions',
'size': None,
'type': 'Vendor (Digital and Physical '
'Marketing Services)'}],
'attack_vector': 'SonicWall firewall vulnerability',
'customer_advisories': 'Notifications sent to affected '
'individuals between Oct. 27 and Nov. 25, '
'2025',
'data_breach': {'data_encryption': None,
'data_exfiltration': 'Possible',
'file_types_exposed': None,
'number_of_records_exposed': None,
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Personally '
'identifiable '
'information'},
'date_detected': '2025-08-14',
'date_publicly_disclosed': '2025-10-27',
'description': 'Marquis Software Solutions, a vendor providing '
'digital and physical marketing services to Maine '
'State Credit Union, detected suspicious activity '
'on its network. The incident was identified as a '
'ransomware attack, and an unauthorized third '
'party accessed its systems through a SonicWall '
'firewall. Files containing personal information '
'from Maine State Credit Union members may have '
'been accessed and acquired.',
'impact': {'brand_reputation_impact': None,
'conversion_rate_impact': None,
'customer_complaints': None,
'data_compromised': 'Personally identifiable '
'information',
'downtime': None,
'financial_loss': None,
'identity_theft_risk': 'High',
'legal_liabilities': None,
'operational_impact': None,
'payment_information_risk': None,
'revenue_loss': None,
'systems_affected': 'Marquis Software Solutions '
'network'},
'initial_access_broker': {'backdoors_established': None,
'data_sold_on_dark_web': None,
'entry_point': 'SonicWall firewall',
'high_value_targets': None,
'reconnaissance_period': None},
'investigation_status': 'Ongoing',
'post_incident_analysis': {'corrective_actions': None,
'root_causes': 'Vendor vulnerability '
'(SonicWall firewall)'},
'ransomware': {'data_encryption': None,
'data_exfiltration': 'Possible',
'ransom_demanded': None,
'ransom_paid': None,
'ransomware_strain': None},
'references': [{'date_accessed': None,
'source': 'Shamis & Gentile P.A. Investigation '
'Announcement',
'url': None}],
'regulatory_compliance': {'fines_imposed': None,
'legal_actions': 'Investigation by '
'Shamis & Gentile '
'P.A. for potential '
'compensation',
'regulations_violated': None,
'regulatory_notifications': 'Yes'},
'response': {'adaptive_behavioral_waf': None,
'communication_strategy': 'Notifications sent to '
'affected individuals and '
'regulatory bodies '
'between Oct. 27 and Nov. '
'25, 2025',
'containment_measures': None,
'enhanced_monitoring': None,
'incident_response_plan_activated': None,
'law_enforcement_notified': None,
'network_segmentation': None,
'on_demand_scrubbing_services': None,
'recovery_measures': None,
'remediation_measures': None,
'third_party_assistance': None},
'title': 'Maine State Credit Union Data Breach via Vendor '
'Ransomware Attack',
'type': 'Ransomware Attack',
'vulnerability_exploited': 'SonicWall firewall'}}