Valley Strong Data Breach Affects 1,694 Members

On Nov. 26, 2025, it was disclosed that Valley Strong Credit Union, a prominent California-based financial cooperative, was impacted by a data breach involving its third-party marketing and communications vendor, Marquis Software Solutions Inc. The breach originated from Marquis, not from Valley Strong’s internal systems, but it resulted in the exposure of sensitive member data.

The incident began on Aug. 14, 2025, when Marquis detected suspicious activity on its network. A subsequent investigation revealed that an unauthorized third party had accessed Marquis’ environment through a vulnerability in its SonicWall firewall.

This breach allowed the attacker to potentially acquire files containing personal information from Marquis’ systems. The breach was limited to Marquis and did not affect Valley Strong’s own network.

As part of the fallout of the Marquis data breach, both the Maine Attorney General’s office and the Washington Attorney General’s office received formal disclosures about the incident. According to these filings, 54 Maine residents and 1,640 Washington residents affiliated with Valley Strong were affected.

The exposed information included names, addresses, phone numbers, Social Security numbers, Taxpayer Identification Numbers, financial account information, and dates of birth.

The breach’s severity stems from the nature of the data exposed, as Social Security numbers and financial account details are highly sensitive and can be misused for identity theft or fraud.

Valley Strong Credit Union’s response

In response to the incident, Marquis, in coordination with Valley Strong Credit Union, promptly launched an investigation and engaged cybersecurity experts to contain the breach and secure their systems. Law enforcement was also notified. Marquis has since implemented additional security technologies and processes to strengthen its network.

Valley Strong Credit Union is working with Marquis to notify affected individuals and has arranged for complimentary credit monitoring and identity theft protection services through Epiq Privacy Solutions ID.

Given the nature of the breach, affected individuals are encouraged to:

• Remain vigilant by reviewing account statements and monitoring credit reports for suspicious activity
• Take advantage of the complimentary credit monitoring service provided
• Consider placing a fraud alert or security freeze on their credit file with the major credit bureaus
• Report any suspected identity theft to law enforcement and the Federal Trade Commission

Further details and step-by-step instructions are provided in the notice to consumers, which is available at the bottom of this article’s page in PDF format.