On Nov. 26, 2025, it was disclosed that Valley Strong Credit Union, a prominent California-based financial cooperative, was impacted by a data breach involving its third-party marketing and communications vendor, Marquis Software Solutions Inc. The breach originated from Marquis, not from Valley Strong’s internal systems, but it resulted in the exposure of sensitive member data.
The incident began on Aug. 14, 2025, when Marquis detected suspicious activity on its network. A subsequent investigation revealed that an unauthorized third party had accessed Marquis’ environment through a vulnerability in its SonicWall firewall.
This breach allowed the attacker to potentially acquire files containing personal information from Marquis’ systems. The breach was limited to Marquis and did not affect Valley Strong’s own network.
As part of the fallout of the Marquis data breach, both the Maine Attorney General’s office and the Washington Attorney General’s office received formal disclosures about the incident. According to these filings, 54 Maine residents and 1,640 Washington residents affiliated with Valley Strong were affected.
The exposed information included names, addresses, phone numbers, Social Security numbers, Taxpayer Identification Numbers, financial account information, and dates of birth.
The breach’s severity stems from the nature of the data exposed, as Social Security numbers and financial account details are highly sensitive and can be misused for identity theft o
Source: https://www.claimdepot.com/data-breach/valley-strong-credit-union-2025
Valley Strong Credit Union cybersecurity rating report: https://www.rankiteo.com/company/valley-strong-credit-union
"id": "VAL1764887514",
"linkid": "valley-strong-credit-union",
"type": "Breach",
"date": "8/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '1,694 (54 Maine '
'residents and '
'1,640 Washington '
'residents)',
'industry': 'Financial Services',
'location': 'California, USA',
'name': 'Valley Strong Credit Union',
'size': None,
'type': 'Financial Cooperative'},
{'customers_affected': None,
'industry': 'Marketing and Communications',
'location': None,
'name': 'Marquis Software Solutions Inc.',
'size': None,
'type': 'Third-Party Vendor'}],
'attack_vector': 'Third-Party Vendor Compromise',
'data_breach': {'data_encryption': None,
'data_exfiltration': None,
'file_types_exposed': None,
'number_of_records_exposed': None,
'personally_identifiable_information': ['Names',
'Addresses',
'Phone '
'Numbers',
'Social '
'Security '
'Numbers',
'Taxpayer '
'Identification '
'Numbers',
'Dates '
'of '
'Birth'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally '
'Identifiable '
'Information',
'Financial Account '
'Information']},
'date_detected': '2025-08-14',
'date_publicly_disclosed': '2025-11-26',
'description': 'Valley Strong Credit Union was impacted by a '
'data breach involving its third-party marketing '
'and communications vendor, Marquis Software '
'Solutions Inc. The breach exposed sensitive '
'member data, including names, addresses, phone '
'numbers, Social Security numbers, Taxpayer '
'Identification Numbers, financial account '
'information, and dates of birth.',
'impact': {'brand_reputation_impact': 'Potential brand '
'reputation damage due to '
'exposure of sensitive '
'data',
'conversion_rate_impact': None,
'customer_complaints': None,
'data_compromised': 'Sensitive member data including '
'names, addresses, phone numbers, '
'Social Security numbers, '
'Taxpayer Identification Numbers, '
'financial account information, '
'and dates of birth',
'downtime': None,
'financial_loss': None,
'identity_theft_risk': 'High risk of identity theft '
'due to exposure of Social '
'Security numbers and '
'financial account details',
'legal_liabilities': None,
'operational_impact': None,
'payment_information_risk': 'High risk due to '
'exposure of financial '
'account information',
'revenue_loss': None,
'systems_affected': 'Marquis Software Solutions Inc. '
'systems'},
'initial_access_broker': {'backdoors_established': None,
'data_sold_on_dark_web': None,
'entry_point': 'Vulnerability in '
'SonicWall firewall',
'high_value_targets': None,
'reconnaissance_period': None},
'post_incident_analysis': {'corrective_actions': None,
'root_causes': 'Third-party vendor '
'compromise due to '
'unpatched '
'vulnerability in '
'SonicWall firewall'},
'ransomware': {'data_encryption': None,
'data_exfiltration': None,
'ransom_demanded': None,
'ransom_paid': None,
'ransomware_strain': None},
'references': [{'date_accessed': None,
'source': 'Maine Attorney General’s office',
'url': None},
{'date_accessed': None,
'source': 'Washington Attorney General’s office',
'url': None}],
'regulatory_compliance': {'fines_imposed': None,
'legal_actions': None,
'regulations_violated': None,
'regulatory_notifications': ['Maine '
'Attorney '
'General’s '
'office',
'Washington '
'Attorney '
'General’s '
'office']},
'response': {'adaptive_behavioral_waf': None,
'communication_strategy': None,
'containment_measures': None,
'enhanced_monitoring': None,
'incident_response_plan_activated': None,
'law_enforcement_notified': None,
'network_segmentation': None,
'on_demand_scrubbing_services': None,
'recovery_measures': None,
'remediation_measures': None,
'third_party_assistance': None},
'title': 'Valley Strong Credit Union Third-Party Data Breach via '
'Marquis Software Solutions',
'type': 'Data Breach',
'vulnerability_exploited': 'Vulnerability in SonicWall firewall'}