A class action has been filed in the U.S. District Court for the Eastern District of Texas (Case No. 4:26-cv-00108), alleging that Marquis Software Solutions Inc., CoVantage Credit Union, and University Credit Union failed to safeguard customer data following a breach involving Marquis’ systems.
What happened
The complaint, filed on January 30, 2026, contends that the defendants were obligated to establish reasonable security measures to protect the information from unauthorized access and disclosure.
A key accusation focuses on the fact that the filing asserts that Marquis took over three months to disclose the breach and start notifying those impacted, a delay that plaintiffs argue heightened the risk of criminals exploiting or profiting from the data. The lawsuit includes allegations of negligence, breach of implied contract, unjust enrichment, and violations of California’s Unfair Competition Law.
The backstory
Authorities are delving into the details surrounding a vendor-side breach at Marquis Software Solutions Inc., a firm that offers services to financial institutions such as banks and credit unions. Marquis reported that it identified suspicious activity on August 14, 2025, prompting a forensic investigation in collaboration with external cybersecurity experts. The company also informed federal law enforcement and ultimately determined that an unauthorized party had breached its network, potentially accessing and acquiring files that contained personal information for client institutions.
Recent reports indicate a ransomware incident, tracing the initial access back to Marquis' perimeter defenses. Marquis subsequently attributed the breach to a compromise related to SonicWall and its firewall ecosystem, which allegedly exposed configuration or credential information that could facilitate further attacks. Regulatory filings indicate that notifications were sent to customer data owners starting around October 27, 2025.
Why it matters
A 2019 BMJ Health Care Informatics study notes, “Phishing… relies on social engineering techniques, with many contacts therefore appearing to be from trusted sites such as financial institutions.” The narrative reflects the findings of Paubox's report regarding the leading healthcare email threats in 2025, identity abuse, credential theft, and vendor exposure continue to inflict damage as attackers infiltrate trusted channels rather than relying on brute force tactics.
According to an analysis by Paubox regarding the 2025 breach disclosures from the U.S. Department of Health and Human Services, it was found that phishing-driven credential compromise led to unprecedented levels of exposure. Furthermore, the most common pattern identified was vendor or business associate exposure, which is often the focus of plaintiffs when they assert a shared responsibility for data protection throughout a service chain.
Legal actions are increasingly prompted not by system outages but by the collapse of trust boundaries, leading to personal data becoming commodified almost instantly and on a large scale.
See also: HIPAA Compliant Email: The Definitive Guide (2026 Update)
FAQs
What is credential compromise?
Credential compromise happens when someone steals or gains access to a valid username and password and then uses it to log in as if they are a legitimate user.
How do attackers usually steal credentials?
Attackers often use phishing emails, fake login pages, malicious links, or password reuse from earlier breaches to capture credentials.
Why is credential compromise so damaging?
Valid credentials let attackers bypass many defenses because the login looks normal, so the attacker can move through systems, pull data, and blend in.
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
Mara Ellis
