CoVantage Credit Union Hit With Data Breach Class Action, Can I File a Claim? 2026

ByAll About Lawyer Reading Time: 6 minutes

160,000 Members Affected—Legal Action Available

CoVantage Credit Union disclosed a data breach impacting 160,000 members after third-party vendor Marquis Software Solutions suffered a ransomware attack on August 14, 2025. Attorneys are gathering people affected by the CoVantage Credit Union data breach to take legal action via mass arbitration. As of January 2026, the breach affected at least 823,548 customers across 80 banks and credit unions, with internal communications suggesting Marquis paid a ransom to suppress the data.

Why This Matters to You

This affects you if you’re a CoVantage Credit Union member who received a breach notification letter in late November 2025. Understanding your rights could help you recover compensation for time spent addressing the breach, out-of-pocket losses from identity theft, and statutory damages for privacy violations. The compromised data included names, addresses, phone numbers, Social Security numbers, financial account details, and dates of birth—everything criminals need for identity theft and fraud.

What the CoVantage Data Breach Involves

How the Breach Happened

On August 14, 2025, Marquis Software Solutions—a provider of marketing and compliance software to over 700 banks and credit unions—discovered cybercriminals had infiltrated its network through a SonicWall firewall vulnerability. The attackers executed a ransomware attack, stealing customer data files before encrypting systems.

The unauthorized access occurred within Marquis’s network environment rather than CoVantage’s own internal systems, where certain files containing personal information related to CoVantage’s customers were stored. By September 8, 2025, Marquis had engaged a data expert to assess the extent of the impact.

What Information Was Exposed

On October 27, 2025, Marquis determined that files containing CoVantage customers’ information had been accessed or acquired. The impacted data may include names, addresses, phone numbers, Social Security numbers, financial account information, and dates of birth.

The notice states that the data elements included names, addresses, dates of birth, Social Security numbers, account numbers, and credit or debit card numbers. The credit union reports no evidence of actual or attempted misuse to date.

Timeline of Events

Here’s how the breach unfolded:

  • August 14, 2025: Suspicious activity detected in Marquis’ network. CoVantage engaged cybersecurity experts and notified law enforcement
  • September 8, 2025: Marquis engaged data analysis experts to identify affected individuals
  • October 27, 2025: Marquis determined that the breach compromised individuals’ information
  • November 26, 2025: CoVantage filed a notice with the Attorney General of Maine and began notifying affected individuals
  • January 2026: Updated figures show at least 823,548 customers of at least 80 banks and credit unions were affected

Current Legal Status

As of December 2025, Lynch Carpenter, LLP is investigating claims against CoVantage related to this data breach. Multiple law firms are investigating a class action lawsuit against Marquis. Attorneys working with ClassAction.org are gathering consumers to sign up for legal action.

No formal class action lawsuit has been filed in court as of February 2026, but multiple law firms are conducting investigations and gathering affected members for potential mass arbitration or class action litigation.

What Plaintiffs Are Claiming

Affected individuals may be entitled to compensation for time and expenses addressing the breach, out-of-pocket losses from identity theft, loss of privacy, diminished value of personal information, emotional distress, and statutory damages.

Legal theories being investigated include negligence in failing to implement adequate cybersecurity measures, breach of implied contract for failing to protect member data, and violations of state data breach notification laws.

CoVantage Credit Union disclosed a data breach impacting 160,000 members after third-party vendor Marquis Software Solutions suffered a ransomware attack on August 14, 2025. Attorneys are gathering people affected by the CoVantage Credit Union data breach to take legal action via mass arbitration. As of January 2026, the breach affected at least 823,548 customers across 80 banks and credit unions, with internal communications suggesting Marquis paid a ransom to suppress the data.

What You Must Know

This Wasn’t CoVantage’s Only Vendor Problem

Marquis serves over 700 financial institutions, and the final victim count continues rising. Affected institutions include CoVantage Credit Union (160,000 members), Maine State Credit Union (38,334), and Norway Savings Bank (51,000).

The breach affected consumers across multiple states: Texas (354,000 individuals), Washington (269,773), Massachusetts (280,375), and significant numbers in South Carolina, Maine, and New Hampshire.

Marquis Allegedly Paid the Ransom

Internal communications suggest Marquis paid a ransom to suppress the data, despite stating there was no evidence of misuse. This raises serious questions about whether the data is truly secure or whether hackers still retain copies.

Free Credit Monitoring Expires Soon

CoVantage provided impacted members with complimentary identity-protection services through Epiq Privacy Solutions ID. According to breach notification letters, affected individuals must enroll by March 31, 2026 to receive 12-24 months of free monitoring.

Understanding your rights in data breach situations similar to the Under Armour Class Action, Company Failed To Protect Customer Data In 343 GB Breach can help you navigate this process.

What to Do Next

Determine If You’re Eligible

You’re eligible if you’re a CoVantage Credit Union member who received a data breach notification letter in late November 2025. Do you have a savings or checking account with CoVantage, or have you taken out a loan with the credit union? If you’re 18+ and believe your information was exposed in the CoVantage Credit Union data breach, join others taking action.

Sign Up for Legal Action

You are signing up for what’s known as mass arbitration, which is different from a class action and involves hundreds or thousands of consumers filing individual arbitration claims against the same company at the same time. It costs nothing to sign up, and the attorneys will only get paid if they win your claim.

Multiple law firms are investigating claims, including Lynch Carpenter LLP, Levi & Korsinsky, Strauss Borrelli PLLC, and others. Research your options and contact a firm that specializes in data breach litigation.

Activate Your Free Credit Monitoring

Follow the activation instructions for the complimentary Epiq Privacy Solutions ID service and monitor your financial accounts and credit reports for the next 12–24 months. The enrollment deadline is March 31, 2026.

While no misuse has been reported, CoVantage Credit Union urges members to review bank, credit-card and credit-report activity over the next 12–24 months, promptly report any unauthorized transactions to the credit union and relevant financial institutions, and consider placing a fraud alert or security freeze with the nationwide credit bureaus.

FAQs

What is the CoVantage Credit Union data breach about?

CoVantage Credit Union disclosed a data breach impacting third-party marketing and communications vendor Marquis Software Solutions. The breach, which was detected on August 14, 2025, involved unauthorized access to the vendor’s systems and certain files stored therein. 160,000 CoVantage members were affected.

When was this breach discovered and disclosed?

The breach was discovered on August 14, 2025. By September 8, 2025, Marquis had engaged a data expert. CoVantage determined on October 27, 2025 that member personal information was present, and notifications to affected entities began on or around October 27, 2025. Members received letters in late November 2025.

Who is affected by this data breach?

CoVantage Credit Union members with accounts, loans, or financial relationships whose personal information was stored in Marquis Software Solutions’ systems. 160,000 CoVantage Credit Union members were impacted. If you received a breach notification letter from CoVantage in November 2025, you’re affected.

Am I eligible to file a claim for compensation?

If you got a notice about the CoVantage Credit Union data breach or otherwise believe you were affected, you may be able to take legal action via mass arbitration. Eligibility typically requires being a CoVantage member, being 18 or older, and having your information exposed in the breach.

What is the deadline to join legal action?

No formal lawsuit has been filed yet as of February 2026, so there’s no court-imposed claim deadline. However, the deadline to enroll in free credit monitoring is March 31, 2026. For legal action, statutes of limitations vary by state but typically range from 2-4 years from breach discovery.

How do I sign up for mass arbitration?

Contact one of the investigating law firms directly through their websites. It doesn’t cost anything, and all you have to do is fill out a quick form. Research firms include Lynch Carpenter LLP, Levi & Korsinsky, and Strauss Borrelli PLLC.

What damages or compensation might be available?

If you received a breach notification, you may be entitled to compensation for time and expenses addressing the breach, out-of-pocket losses from identity theft, loss of privacy, diminished value of personal information, emotional distress, and statutory damages. Though there are no guarantees, victims could be owed $100s for potential violations of their rights.

Similar cases like the Conduent Data Breach Update, 14.7 Million Victims In Texas Alone, 10+ Class Actions Filed show settlement amounts vary based on documented losses and the number of claimants.

Disclaimer: This article about the CoVantage Credit Union data breach is for informational purposes only and does not constitute legal advice. The legal status of potential claims is still developing as of February 2026, with no formal class action lawsuit filed in court yet. AllAboutLawyer.com does not represent any party in this matter and does not provide legal services. For specific guidance about your eligibility, legal options, or whether to join mass arbitration or wait for a potential class action, consult a qualified data breach attorney familiar with consumer protection laws in your state.

Looking for more information about data breach settlements and your legal rights? Explore similar cases and claim deadlines at AllAboutLawyer.com.

Stay informed, stay protected. — AllAboutLawyer.com

Last Updated: February 9, 2026

About the Author

Sarah Klein, JD

Sarah Klein, JD, is a licensed attorney and legal content strategist with over 12 years of experience across civil, criminal, family, and regulatory law. At All About Lawyer, she covers a wide range of legal topics — from high-profile lawsuits and courtroom stories to state traffic laws and everyday legal questions — all with a focus on accuracy, clarity, and public understanding.
Her writing blends real legal insight with plain-English explanations, helping readers stay informed and legally aware.
Read more about Sarah

Leave a Reply

Your email address will not be published. Required fields are marked *