On August 14, 2025, Marquis Software Solutions—a technology vendor serving banks and credit unions—detected suspicious network activity, later confirmed as a **ransomware attack**. Despite paying a ransom, sensitive member data (including PII such as names, dates of birth, account numbers, and Social Security/Tax ID numbers) was exposed on the black market. The breach impacted **6,876 members**, including **6,511 Iowa residents**, with data dating prior to 2020. The exposure poses risks of **identity theft and financial fraud**, prompting notifications to affected individuals, law enforcement, and the Iowa Attorney General (November 7, 2025). Marquis offered complimentary identity protection services (credit/dark web monitoring, identity restoration) to mitigate harm. The incident underscores vulnerabilities in third-party vendor security, with long-term reputational and financial consequences for both Marquis and its client institutions, including **Community 1st Credit Union**.
Source: https://www.claimdepot.com/data-breach/marquis-software-solutions-2025
Marquis cybersecurity rating report: https://www.rankiteo.com/company/marquis-software-solutions
"id": "MAR4893548111825",
"linkid": "marquis-software-solutions",
"type": "Ransomware",
"date": "6/2020",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'customers_affected': '6,876 members (including 6,511 '
'Iowa residents)',
'industry': 'financial services (banking/credit union '
'software)',
'name': 'Marquis Software Solutions',
'type': 'technology vendor'},
{'industry': 'financial services',
'location': 'Iowa, USA',
'name': 'Community 1st Credit Union',
'type': 'credit union'}],
'customer_advisories': ['Data breach notices sent to affected members.',
'Complimentary Epiq Privacy Solutions ID membership '
'offered (includes credit monitoring, dark web '
'monitoring, identity restoration).',
'Guidance provided on steps to mitigate identity '
'theft risk.'],
'data_breach': {'data_encryption': True,
'data_exfiltration': True,
'number_of_records_exposed': '6,876',
'personally_identifiable_information': True,
'sensitivity_of_data': 'high (financial and identity-related)',
'type_of_data_compromised': ['PII (name, date of birth, '
'account number, Social '
'Security/Tax ID number)',
'member account data']},
'date_detected': '2025-08-14',
'date_publicly_disclosed': '2025-10-27',
'description': 'On Aug. 14, 2025, Marquis Software Solutions, a technology '
'vendor serving hundreds of banks and credit unions, '
'discovered suspicious activity on its network. The incident '
'was later identified as a ransomware attack that exposed '
'sensitive member account information dating prior to 2020. '
'Despite paying a ransom, data was still exposed on the black '
'market, affecting 6,876 members, including 6,511 Iowa '
'residents. The exposed PII includes names, dates of birth, '
'account numbers, and Social Security/Tax ID numbers, posing '
'risks of identity theft and financial fraud.',
'impact': {'brand_reputation_impact': 'high (potential loss of trust among '
'financial institution clients)',
'data_compromised': ['personally identifiable information (PII)',
'member account data'],
'identity_theft_risk': 'high',
'legal_liabilities': ['potential lawsuits', 'regulatory scrutiny']},
'initial_access_broker': {'data_sold_on_dark_web': True,
'high_value_targets': ['member account data '
'(pre-2020)']},
'investigation_status': 'ongoing (as of 2025-11-07)',
'motivation': ['financial gain', 'data exfiltration'],
'post_incident_analysis': {'corrective_actions': ['Strengthened security '
'measures',
'Engaged cybersecurity '
'experts for assessment']},
'ransomware': {'data_encryption': True,
'data_exfiltration': True,
'ransom_paid': True},
'recommendations': ['Monitor credit reports and financial accounts for '
'suspicious activity.',
'Enroll in the complimentary Epiq Privacy Solutions ID '
'services (credit monitoring, dark web monitoring, '
'identity restoration).',
'Consider placing a fraud alert or credit freeze with '
'major credit bureaus.',
'Report any unauthorized transactions or identity theft '
'attempts immediately.'],
'references': [{'source': 'Community 1st Credit Union Breach Notice'},
{'source': 'Iowa Attorney General Office'}],
'regulatory_compliance': {'regulatory_notifications': ['Iowa Attorney General '
'(notified on '
'2025-11-07)']},
'response': {'communication_strategy': ['notifications to affected financial '
'institutions',
'member breach notices',
'Iowa Attorney General notification '
'(2025-11-07)'],
'enhanced_monitoring': True,
'incident_response_plan_activated': True,
'law_enforcement_notified': True,
'remediation_measures': ['strengthened security measures'],
'third_party_assistance': ['cybersecurity experts',
'Epiq Privacy Solutions ID']},
'stakeholder_advisories': ['Notified affected financial institutions',
'Provided identity protection services to impacted '
'members'],
'title': 'Marquis Software Solutions Ransomware and Data Breach (2025)',
'type': ['ransomware', 'data breach']}