Skip nav to main content.

Marquis Security Incident

What Happened

On August 14, 2025 Marquis Software Solutions (a digital and physical marketing and communications vendor for Zing Credit Union, identified suspicious activity on our network and later determined that it was the result of a cybersecurity incident.  Upon learning of the incident, Marquis immediately launched an investigation and engaged the appropriate cyber security experts to assist. Law enforcement was also promptly notified. Their investigation determined that an unauthorized third party accessed Marquis’ network and may have access and acquired certain files from their systems. Importantly, Zing Credit Union’s systems WERE NOT impacted; the incident was limited to Marquis’ environment.

Those impacted were mailed a letter with the data that was impacted.  At this time, there is no evidence of misuse, or attempted misuse, of personal infomration as a result of this incident.

While there is no evidence of information misuse, we encourage you to remain vigilant by reviewing your account statements and credit reports for any unauthorized activity over the next 12 to 24 months.  We also encourage you to to take advantage of the complimentary credit monitoring that was provided to those impacted.  For more information, or for help with your credit monitoring service, please call Marquis’ dedicated response line at 855-403-1764, available 9am to 9pm Eastern Time, Monday through Friday.

  • The letter is legitimate.  Marquis is a vendor that works with many banks and credit unions.  It recently experienced a data incident.  If you received a letter, it means your information was involved in the incident.

  • Please write “Return to Sender” on the envelope and drop it in a mailbox. Otherwise, there is no additional action needed.

  • There are some steps you could take if you feel they are appropriate. You can contact the three national credit reporting agencies and notify them that the individual is deceased and that no credit should be issued. You can ask them to notify you if credit is issued in the deceased individual’s name. You can also request a copy of their credit report. The contact information for the credit reporting agencies is contained in the letter you received. You can also find out more information at www.idtheftcenter.org.

  • Marquis only recently let us know that some of our members’ information was accessed without authorization. Since then, we have worked with Marquis to coordinate the mailing of notification letters.

  • The incident did not occur at the credit union or impact any of the credit union’s computer systems.  Rather, the incident involved a vendor called Marquis.  Marquis informed us that it experienced a computer security incident in August.  It took steps to secure its systems and conduct an investigation.  As part of that investigation, Marquis determined that some people’s personal information was accessed without authorization and Marquis is mailing notification letters to those people.  If you received a letter, then your information was involved in the incident.

  • On October 27, 2025, Marquis notified us that some of our members’ information was contained in files that were accessed during the security incident.  We then worked to get more information from Marquis and ensure it provided notice to our members.

  • Marquis provided that information in the notification letter you received.

  • rquis is a company that works with banks and credit unions on marketing and compliance management.

  • Marquis assisted us in our communications with members regarding various products and services, and we needed to share member information with Marquis so it could provide that assistance.  That said, we take this situation seriously and are continually evaluating steps we can take to further protect member information.

  • We are no longer working with Marquis.

  • Marquis has advised us that it investigated the incident working alongside cyber experts. Marquis has also advised that it has revised its policies and procedures and implemented new security measures to prevent this type of incident from happening in the future.

  • We perform comprehensive due diligence reviews on our vendors who may have access to member information. We also perform regular due diligence reviews to ensure that our current vendors utilize organizational security controls best practices.

  • Even though the incident did not occur on our systems, we continue to perform robust and diligent system testing to ensure our security controls are sound.

  • If you haven’t already done so, you can take advantage of the complimentary credit monitoring and identity protection services that are referenced in the notification letter.  The letter includes additional tips on steps you can take to protect against the misuse of your information.

    • If you haven’t already done so, enroll in the complimentary credit monitoring and identify theft protection services that are being offered through Epiq.
    • Report the situation to the proper law enforcement authorities, including the police and your state’s attorney general.
    • Visit identitytheft.gov, which is the federal government’s one-stop resource for identity theft victims. The site provides steps to take in response to the incident, depending upon the type of information compromised.

  • The Federal Trade Commission has published identify protection tips, including warning signs of identity theft, at www.ftc.gov/idtheft. We also encourage you to enroll in the complimentary identity theft protection services we’re offering through Epiq, which can help you identify and resolve any identity theft.

  • A fraud alert encourages third parties to take extra steps to confirm your identity before extending credit. This can make it more difficult for an unauthorized person to open new accounts or modify existing accounts in your name. More information about fraud alerts is available in the notice letter you received.

  • You may consider placing a fraud alert on your credit report. This fraud alert statement informs creditors of possible fraudulent activity within your report and requests that your creditor contact you prior to establishing any accounts in your name. To place a fraud alert on your credit report, contact Equifax, Experian or TransUnion and follow the Fraud Victims instructions. To place a fraud alert on your credit accounts, contact your financial institution or credit provider. Contact information for the three nationwide credit-reporting agencies is as follows:

    Equifax
    PO Box 740241
    Atlanta, GA 30374
    www.equifax.com
    1-800-525-6285
    Experian
    PO Box 2002
    Allen, TX 75013
    www.experian.com
    1-888-397-3742
    TransUnion
    PO Box 2000
    Chester, PA 19022
    www.transunion.com
    1-800-680-7289

    Additional information regarding placing a fraud alert on your credit report is in the letter sent to you.

  • A credit freeze is designed to prevent third parties from accessing a credit report without your consent. If you place a credit freeze, potential creditors will not be able to access your credit report unless you temporarily lift the freeze. More information about credit freezes is available in the notice letter you received.

  • Information about how to obtain a free copy of your credit report is included in your notification letter. You may also obtain a free copy of your credit report from each of the three major credit reporting agencies once every 12 months by visiting http:/vww.annualcreditreport.com, calling toll-free 877-322-8228, or by completing an Annual Credit Report Request Form and mailing it to Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348. You can print a copy of the request form at www.annualcreditreport.com/manualRequestForm.action.

  • The notification you received is not an attempt to solicit you to purchase identity theft protection services. The identity theft protection services through Epiq are being offered at no cost to you and will help detect possible misuse of your personal information. For further information on how to use these services, please follow the steps included in your notice letter.

  • Those services are being provided through a company called Epiq.  Please call 855-403-1764.

  • Yes, you will need to provide some personal information to Epiq so it can provide you with identity theft protection and credit monitoring services. You can be assured that both Epiq and the website listed in your notice letter are legitimate.

Get the App

Download on the App Store

Get it on Google Play

TRUTH IN SAVINGS DISCLOSURE

Except as specifically described, the following disclosures apply to all the accounts.

  1. Rate Information. The dividend rate, or interest rate, and annual percentage yield on your accounts are set forth on the reverse side. The annual percentage yield is a percentage rate that reflects the total amount of dividends/interest to be paid on an account based on the dividend/interest rate and frequency of compounding for an annual period. For Certificates of Deposit and IRA Certificates of Deposit, the interest rate and annual percentage yield are fixed and will be in effect for the term of the account.  The annual percentage yield is based on an assumption that interest will remain on deposit until maturity.  A withdrawal will reduce earnings.
  2. Nature of Dividends. Dividends are paid from current income and available earnings after providing for the required reserves.  The dividend rates and annual percentage yields are the prospective rates and yields that the Credit Union anticipates paying for the applicable dividend period.
  3. Compounding and Crediting. Interest and dividends will be compounded and credited as set forth on the reverse side.  The dividend/interest period for each account is also set forth on our Rate and Fee Schedule.  The dividend/interest period begins on the first calendar day of the period and ends on the last calendar day of the period.
  4. Balance Information. The minimum balance required to open each account is set forth.  Interest is calculated by the daily balance method which applies a daily periodic rate to the principal in the account each day.
  5. Accrual of Dividends. Dividends will begin to accrue on cash deposits on the business day you make the deposit to your account.  Dividends will begin to accrue on noncash deposits (checks) on the business day you make the deposit to your account.  If you close your account before accrued dividends are credited, accrued dividends will not be paid.
  6. Account Limitations. The account limitations for each account are set forth in our Membership and Account Agreement
  7. Your account will mature on the maturity date set forth on your account receipt or renewal notice.
  8. Early Withdrawal Penalties. A penalty may be imposed if you withdraw any of the certificate funds before the maturity date or the renewal date, if this is a renewal account.
  9. Amount of Penalty. For Certificates of Deposit and IRA Certificates of Deposit the amount of the early withdrawal penalty for your account is 90 days’ interest for a term of 12 months or less, and 180 days’ interest for a term over 12 months.
  10. How the Penalty Works. The penalty is calculated as a forfeiture of part or all of the interest that have been earned on the account.  This penalty applies to earned interest and principal.
  11. Renewal Policy. Certificate of Deposit accounts will automatically renew for another term upon maturity.  You have a grace period of seven days in which to change or withdraw the funds without being charged an early withdrawal penalty.
  12. Exception to Early Withdrawal Penalties. At our option, we may redeem the account before maturity without imposing an early withdrawal penalty under the following circumstances:
    • When an account owner dies
    • or is determined legally incompetent by a court
    • or other body of competent jurisdiction.
  13. Nontransferable / Nonnegotiable. Your account is nontransferable and nonnegotiable.  The funds in your account may not be pledged to secure any obligation of an owner except obligations with the Credit Union.
  14. FEES FOR OVERDRAWN ACCOUNTS. Fees may be imposed on each check, draft item, ATM card withdrawal, debit card withdrawal, debit card point of purchase, preauthorized automatic debit, telephone initiated withdrawal or any other electronic withdrawal or transfer transaction that is drawn on an insufficient available account balance.  The entire balance in your account may not be available for withdrawal, transfer or payment of a check, draft or item.  You may consult the Funds Availability Policy for information regarding the availability of funds in your account.  Fees for overdrawing your account may be imposed for each overdraft, item or transaction.  If we have approved an overdraft protection limit for your account, such fees may reduce your approval limit.  Please refer to the Rate and Fee Schedule for current fee information.

Leaving Our Website

You are leaving Zing Credit Union’s website. Zing does not control this site and is not responsible for the content, products, or services available on the linked site. The credit union does not represent the third party or the member, if the two enter a transaction. The privacy and security policies of this linked site may differ from our own.

Press “Continue” to proceed, or press “Stay on This Page” to remain here.

Log in to Online Banking

Also of Interest

Fraud Alert Zing Credit Union will NEVER call you or text you & ask for your account number, SSN, card number, or online banking information.