1st MidAmerica Data Breach Affects 131k Members

1st MidAmerica Credit Union, a member-owned financial institution serving Illinois and Missouri, was a part of a data breach that impacted more than 131,000 individuals across the United States, including 7 individuals in both Maine and New Hampshire. The breach involved sensitive personal information and was the result of a cybersecurity incident at one of the credit union’s third-party vendors.

On Aug. 14, 2025, 1st MidAmerica Credit Union (MACU) was notified by Marquis Software Solutions, a digital and physical marketing and communications vendor, that suspicious activity had been detected on Marquis’ network. Marquis determined that an unauthorized third party had gained access to their computing environment and may have acquired files containing personal information belonging to MACU members.

By Oct. 27, 2025, Marquis provided MACU with a list of potentially affected data. On Nov. 24, 2025, MACU confirmed that the personal information of seven Maine residents was among the compromised data.

The information exposed included first and last names and Social Security numbers. This type of information is considered personally identifiable information (PII) and is particularly sensitive, as it can be used for identity theft and other forms of fraud.

The breach was limited to Marquis’ environment, and there is no evidence that MACU’s internal systems were compromised.

The breach was formally disclosed to the Maine Attorney General on Jan. 30, 2026, and on Feb. 2, 2026, to both the New Hampshire and Vermont attorneys general.

1st MidAmerica Credit Union's response

Marquis has enhanced its security controls and is reviewing its policies to help prevent future incidents.

In response to the breach, MACU worked with Marquis to notify all affected individuals. Written notification letters were mailed to those whose information was involved, with notification to Maine residents sent on Jan. 22, 2026.

To help protect affected individuals, MACU is offering 24 months of complimentary single-bureau credit monitoring, fraud consultation, and identity theft restoration services through Epiq Privacy Solutions ID. This service includes credit monitoring with alerts, dark web monitoring, credit protection, change of address monitoring, and dedicated identity restoration specialists.

Those affected are encouraged to:

• Enroll in the offered credit monitoring service before the enrollment deadline
• Monitor account statements, credit reports, and explanation of benefits forms for suspicious activity
• Place a fraud alert or credit freeze on their credit file if they suspect misuse of their information
• Report any suspected identity theft to law enforcement and the Federal Trade Commission