On August 14, 2025, a significant data breach involving Maine State Credit Union was discovered after Marquis Software Solutions Inc., a third-party digital and physical marketing vendor, detected suspicious activity on its network.
The investigation revealed Marquis was the victim of a ransomware attack, with the unauthorized party gaining access to the network through its SonicWall firewall. This breach allowed the attacker to potentially acquire files containing sensitive information from Marquis’ systems.
According to a disclosure filed with the Maine Attorney General’s office on Dec. 2, 2025, the Marquis cybersecurity incident impacted 38,334 Maine residents associated with Maine State Credit Union. The types of consumer information exposed included names, addresses, phone numbers, Social Security numbers, Taxpayer Identification Numbers, financial account information and dates of birth.
This information is considered personally identifiable information (PII), and significantly raises the risk of identity theft and fraud for impacted individuals.
Maine State Credit Union’s response
After discovering the breach, Marquis promptly launched an investigation, engaged cybersecurity experts through legal counsel and notified federal law enforcement. Marquis then conducted a thorough review of the compromised files to determine the scope and nature of the data involved. By late October, Marquis began notifying affected business customers, including Maine State Credit Union,
Source: https://www.claimdepot.com/data-breach/maine-state-credit-union-via-marquis-software-solutions-2025
Marquis cybersecurity rating report: https://www.rankiteo.com/company/marquis-software-solutions
"id": "MAR1764797814",
"linkid": "marquis-software-solutions",
"type": "Ransomware",
"date": "12/2025",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'incident': {'affected_entities': [{'customers_affected': '38,334 Maine '
'residents',
'industry': 'Financial Services',
'location': 'Maine, USA',
'name': 'Maine State Credit Union',
'size': None,
'type': 'Credit Union'},
{'customers_affected': None,
'industry': 'Digital and Physical '
'Marketing',
'location': None,
'name': 'Marquis Software Solutions Inc.',
'size': None,
'type': 'Third-party vendor'}],
'attack_vector': 'SonicWall firewall vulnerability',
'customer_advisories': 'Notifications sent to affected '
'individuals',
'data_breach': {'data_encryption': None,
'data_exfiltration': None,
'file_types_exposed': None,
'number_of_records_exposed': '38,334',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Names',
'Addresses',
'Phone numbers',
'Social Security '
'numbers',
'Taxpayer '
'Identification '
'Numbers',
'Financial account '
'information',
'Dates of birth']},
'date_detected': '2025-08-14',
'date_publicly_disclosed': '2025-12-02',
'description': 'A significant data breach involving Maine State '
'Credit Union was discovered after Marquis '
'Software Solutions Inc., a third-party digital '
'and physical marketing vendor, detected '
'suspicious activity on its network. The '
'investigation revealed a ransomware attack that '
'allowed unauthorized access to sensitive '
"information through Marquis' SonicWall firewall.",
'impact': {'brand_reputation_impact': 'Significant',
'conversion_rate_impact': None,
'customer_complaints': None,
'data_compromised': 'Personally identifiable '
'information (PII)',
'downtime': None,
'financial_loss': None,
'identity_theft_risk': 'High',
'legal_liabilities': None,
'operational_impact': None,
'payment_information_risk': 'High',
'revenue_loss': None,
'systems_affected': 'Marquis Software Solutions Inc. '
'network'},
'initial_access_broker': {'backdoors_established': None,
'data_sold_on_dark_web': None,
'entry_point': 'SonicWall firewall',
'high_value_targets': None,
'reconnaissance_period': None},
'investigation_status': 'Ongoing',
'post_incident_analysis': {'corrective_actions': None,
'root_causes': 'SonicWall firewall '
'vulnerability'},
'ransomware': {'data_encryption': None,
'data_exfiltration': 'Potential',
'ransom_demanded': None,
'ransom_paid': None,
'ransomware_strain': None},
'references': [{'date_accessed': None,
'source': 'Maine Attorney General’s office '
'disclosure',
'url': None}],
'regulatory_compliance': {'fines_imposed': None,
'legal_actions': None,
'regulations_violated': None,
'regulatory_notifications': 'Maine '
'Attorney '
'General’s '
'office'},
'response': {'adaptive_behavioral_waf': None,
'communication_strategy': 'Notifications to '
'affected business '
'customers, including '
'Maine State Credit Union',
'containment_measures': None,
'enhanced_monitoring': None,
'incident_response_plan_activated': 'Yes',
'law_enforcement_notified': 'Federal law '
'enforcement',
'network_segmentation': None,
'on_demand_scrubbing_services': None,
'recovery_measures': None,
'remediation_measures': 'Thorough review of '
'compromised files',
'third_party_assistance': 'Cybersecurity experts '
'through legal counsel'},
'title': 'Marquis Software Solutions Ransomware Attack Affecting '
'Maine State Credit Union',
'type': 'Ransomware, Data Breach',
'vulnerability_exploited': 'SonicWall firewall'}}