ANTIGO, Wis.—CoVantage Credit Union is notifying members of a significant third-party data breach after its marketing vendor, Marquis Software Solutions, reported that unauthorized actors accessed files containing sensitive personal information belonging to an estimated 160,000 CoVantage members, according to Claim Depot.
The breach occurred on Aug. 14, 2025, when Marquis—provider of digital and physical marketing services for the $4-billion CU—detected suspicious activity on its network and determined a cybersecurity incident had taken place. An outside party gained access to Marquis’ systems and may have obtained files holding member data, Claim Depot reported.
The incident was isolated to Marquis’ environment and did not affect CoVantage’s internal systems, Claim Depot reported.
After discovering the intrusion, Marquis launched an investigation with assistance from cybersecurity forensics experts and notified federal law enforcement. By Sept. 8, the vendor had begun identifying affected individuals and the specific data exposed. Marquis then notified client institutions—including CoVantage—on Oct. 27 about the compromised files, Claim Depot explained.
State filings show that, as of the latest disclosures, the breach affected 22 individuals in New Hampshire and 21 in Maine, with additional impacts expected across CoVantage’s service areas, including northern Wisconsin, Upper Michigan, and Illinois.
The vendor began formally notifying state attorneys general on Nov. 26, according to Claim Depot.
Marquis reported that the accessed files may have contained a range of sensitive member information, including names, addresses, phone numbers, dates of birth, Social Security numbers and financial account information.