1st MidAmerica Credit Union Data Breach

On or around August 14, 2025, 1st MidAmerica Credit Union (“MACU”) was notified by one of its vendors, Marquis Software Solutions (“Marquis”), of a cybersecurity incident involving unauthorized access to Marquis’ computing environment. Upon learning of the incident, Marquis launched an investigation and took steps to secure its systems.

Following the investigation, Marquis determined that an unauthorized third party accessed its network and may have accessed and acquired certain files. On October 27, 2025, Marquis provided MACU with a list of MACU-related data that may have been involved. After further review, MACU determined that personal information belonging to certain individuals was included in the affected files.

On or about January 22, 2026, notification letters were mailed to affected individuals. MACU is offering complimentary single-bureau credit monitoring, fraud consultation, and identity theft restoration services for 24 months through Epiq.

1st MidAmerica Credit Union is a member-owned, non-profit financial institution headquartered in Bethalto, Illinois, providing banking and financial services to its members with services such as checking, savings, loans (auto, mortgage, personal), and credit cards.

The impacted data may relate to individuals whose personal information was provided to or maintained by MACU and stored within Marquis’ systems as part of vendor services.

Following the breach, Marquis implemented enhanced security controls within its network environment and is reviewing its policies and procedures to reduce the risk of future cybersecurity incidents.

If you received a Data Breach notification letter related to 1st MidAmerica Credit Union, it confirms that your personal information may have been accessed and/or acquired by an unauthorized party during this incident.

What information is involved in the 1st MidAmerica Credit Union Data Breach?

Compromised information may include:

Your Personally Identifiable Information (PII) includes details that can be used to identify you. Organizations that collect and store this information are legally obligated to safeguard it. When companies fail to adequately protect sensitive personal data, they may face legal liability and financial penalties.

A specific subset of PII is Protected Health Information (PHI), which includes medical and health insurance data. PHI is protected under both federal and state privacy laws, including HIPAA and related state statutes. When PHI is exposed in a data breach, it can be used in conjunction with other personal data to commit identity theft, medical fraud, and insurance fraud.

Exposure of Social Security numbers and other identifying information significantly increases the risk of identity theft, financial fraud, and unauthorized account activity.

When personal information is exposed in a data breach, it can be used to commit identity theft, financial fraud, and other forms of misuse — often months or even years after the incident.

If your data has been exposed in a breach, one of the most effective steps you can take is to promptly enroll in the offered credit and identity monitoring services and continue monitoring your financial accounts and credit reports for suspicious activity.

Residents of California benefit from enhanced privacy protections under the California Consumer Privacy Act (CCPA), which provides additional rights regarding the collection, storage, and protection of personal information. California residents may also have additional legal remedies when personal data is compromised in a breach.

If you received a NOTICE OF DATA BREACH letter related to 1st MidAmerica Credit Union, your personal and financial information may be at risk. This type of sensitive information can be exploited by cybercriminals to commit fraud, identity theft, and related crimes.

Contact the Data Breach Lawyers at Emery | Reddy, PC for a Free Case Review today.