Gesa Credit Union Vendor Data Breach Affects 151K Members in Washington

One of Washington state’s largest not-for-profit financial cooperatives, Gesa Credit Union, has reported a major data breach affecting more than 151,000 individuals in the state of Washington. The breach was not the result of a compromise to Gesa’s own systems, but rather occurred at Marquis Software Solutions, a former marketing and communications vendor for the credit union.

On Aug. 14, 2025, Marquis discovered suspicious activity on its network. After an investigation with third-party cybersecurity experts, Marquis determined that an unauthorized third party had accessed and acquired files from its systems.

The data accessed included members’ first and last names in combination with one or more of the following: dates of birth, Social Security numbers, financial account information, payment card information and/or taxpayer identification numbers.

According to a disclosure filed with the Washington Attorney General’s office, a total of 151,612 individuals in the state were affected. The breach highlights the risks organizations face when third-party vendors handle sensitive consumer data, especially when those vendors are no longer in an active business relationship. Gesa has not worked with Marquis since 2020.

Gesa Credit Union's response

Gesa encourages all affected individuals to remain vigilant by regularly reviewing credit reports, account statements and explanation of benefits forms for any suspicious activity. Under U.S. law, individuals are entitled to one free credit report annually from each of the three major credit bureaus: TransUnion, Experian and Equifax. Affected individuals may also place a fraud alert or credit freeze on their credit files at no cost.

For further support, Marquis has set up a dedicated assistance line at 855-403-1764, available Monday through Friday, 9 a.m. to 9 p.m. ET (excluding holidays). Additional information and ongoing updates are available on the Gesa Credit Union data security notice page.