Recently, Pelican CU announced that it had experienced a data breach in which sensitive personal identifiable information in its care may have been compromised. According to the breach notice shared on its website, in August 2025, Marquis Software Solutions (“Marquis”), a third-party software and services provider for Pelican CU, informed Pelican CU of a network outage that it later identified as a data security incident on its network.1 As a result, Marquis launched an investigation to determine the nature of the incident.
Through its investigation, Marquis confirmed to Pelican CU that sensitive personal information in its systems related to Pelican CU members may have been accessed and acquired by an unauthorized third party during the breach. As a result, Pelican CU began a review of the data to determine what information had been impacted as well as identify the specific individuals affected. While the information impacted varies depending on the individual, the type of information potentially exposed includes:
Name
Social Security number
Date of birth
Tax identification number
Financial account number
Payment card data
As a result of the breach, Pelican CU posted notice of the breach on its website. Additionally, Marquis has begun mailing data breach notification letters to impacted individuals. Based on the website breach notice, Pelican CU and Marquis are providing affected individuals with a list of the specific types of sensitive information impacted and comp
Source: https://straussborrelli.com/2025/12/02/pelican-credit-union-data-breach-investigation/
Pelican Credit Union cybersecurity rating report: https://www.rankiteo.com/company/pelican-credit-union
"id": "PEL1764728246",
"linkid": "pelican-credit-union",
"type": "Breach",
"date": "12/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'incident': {'affected_entities': [{'customers_affected': 'Members of Pelican '
'CU',
'industry': 'Banking/Credit Union',
'location': None,
'name': 'Pelican Credit Union (Pelican '
'CU)',
'size': None,
'type': 'Financial Institution'},
{'customers_affected': 'Pelican CU members',
'industry': 'Software/Services Provider',
'location': None,
'name': 'Marquis Software Solutions',
'size': None,
'type': 'Third-Party Vendor'}],
'attack_vector': 'Third-Party Vendor Compromise',
'customer_advisories': 'Data breach notification letters mailed '
'to impacted individuals; breach notice '
'posted on Pelican CU website',
'data_breach': {'data_encryption': None,
'data_exfiltration': 'Potential',
'file_types_exposed': None,
'number_of_records_exposed': None,
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Name',
'Social Security '
'number',
'Date of birth',
'Tax identification '
'number',
'Financial account '
'number',
'Payment card '
'data']},
'date_detected': '2025-08',
'description': 'Pelican Credit Union (Pelican CU) experienced a '
'data breach where sensitive personal '
'identifiable information may have been '
'compromised. The breach occurred through Marquis '
'Software Solutions, a third-party software and '
'services provider for Pelican CU. Marquis '
'identified a network outage in August 2025 as a '
'data security incident, leading to an '
'investigation that confirmed unauthorized access '
'and acquisition of sensitive data related to '
'Pelican CU members.',
'impact': {'brand_reputation_impact': 'Potential reputational '
'damage to Pelican CU',
'conversion_rate_impact': None,
'customer_complaints': None,
'data_compromised': 'Sensitive personal identifiable '
'information',
'downtime': None,
'financial_loss': None,
'identity_theft_risk': 'High',
'legal_liabilities': None,
'operational_impact': None,
'payment_information_risk': 'High',
'revenue_loss': None,
'systems_affected': 'Marquis Software Solutions '
'network'},
'initial_access_broker': {'backdoors_established': None,
'data_sold_on_dark_web': None,
'entry_point': None,
'high_value_targets': None,
'reconnaissance_period': None},
'investigation_status': 'Ongoing',
'post_incident_analysis': {'corrective_actions': None,
'root_causes': 'Third-party vendor '
'(Marquis Software '
'Solutions) network '
'compromise'},
'ransomware': {'data_encryption': None,
'data_exfiltration': None,
'ransom_demanded': None,
'ransom_paid': None,
'ransomware_strain': None},
'references': [{'date_accessed': None,
'source': 'Pelican CU Breach Notice',
'url': None}],
'regulatory_compliance': {'fines_imposed': None,
'legal_actions': None,
'regulations_violated': None,
'regulatory_notifications': None},
'response': {'adaptive_behavioral_waf': None,
'communication_strategy': 'Breach notice posted on '
'Pelican CU website; data '
'breach notification '
'letters mailed to '
'impacted individuals',
'containment_measures': None,
'enhanced_monitoring': None,
'incident_response_plan_activated': None,
'law_enforcement_notified': None,
'network_segmentation': None,
'on_demand_scrubbing_services': None,
'recovery_measures': None,
'remediation_measures': None,
'third_party_assistance': None},
'threat_actor': 'Unauthorized Third Party',
'title': 'Pelican CU Data Breach via Third-Party Vendor (Marquis '
'Software Solutions)',
'type': 'Data Breach'}}