iQ Credit Union Data Breach Affects 111,368 in Washington: Social Security Numbers Exposed

On Nov. 26, 2025, iQ Credit Union, a member-owned financial cooperative based in the Pacific Northwest, was named in a large-scale data breach disclosure filed with the Washington Attorney General’s office. The breach was not the result of a direct attack on iQ Credit Union’s own systems, but rather stemmed from a ransomware incident at Marquis Software Solutions, Inc., a third-party digital and physical marketing vendor that works with iQ Credit Union and other financial institutions.

The incident began on Aug. 14, 2025, when Marquis detected suspicious activity on its network. A forensic investigation later determined that an unauthorized third party had exploited Marquis’ SonicWall firewall, gaining access to its internal environment. The attacker was able to acquire files containing sensitive information belonging to customers of Marquis’ clients, including iQ Credit Union.

According to the official breach notification filed with the Washington Attorney General, the breach affected 111,368 Washington residents whose data was processed by iQ Credit Union and stored by Marquis.

The exposed personally identifiable information (PII) included names, addresses, phone numbers, Social Security numbers, Taxpayer Identification Numbers, financial account information (excluding security or access codes), and dates of birth. No protected health information (PHI) was involved.

iQ Credit Union’s response

For those affected, Marquis is working with iQ Credit Union to provide written notice of the incident, which began on Nov. 26, 2025. Impacted individuals are being offered complimentary credit monitoring and identity theft protection services through Epiq Privacy Solutions ID. This service includes one-bureau credit monitoring, dark web monitoring, credit protection tools, change of address monitoring, and dedicated identity restoration assistance.

Affected individuals are encouraged to remain vigilant by monitoring account statements and credit reports for any unauthorized activity over the next 12 to 24 months. The notification also provides detailed instructions on how to place a security freeze or fraud alert on credit files, as well as contact information for the three major credit bureaus and relevant government agencies.

Given the nature of the breach—an external ransomware attack on a third-party vendor—affected individuals should take the following steps:

• Enroll in the complimentary credit monitoring and identity protection services provided
• Review account statements and credit reports regularly for signs of suspicious activity
• Consider placing a security freeze or fraud alert on credit files
• Report any suspected identity theft to law enforcement and the Federal Trade Commission