Insights / Blog

BreachWatch™: Blaze Credit Union | Third-Party Vendor Breach (Marquis)

January 15, 2026

Blog Post - 150126 Perimeter

TL;DR

Blaze Credit Union reports a third-party breach tied to Marquis Software Solutions (marketing services). Data including SSNs may have been accessed, impacting ~235,000 members. A multi-month gap between detection and confirmed impact highlights how vendor incidents can expand risk beyond your internal perimeter.

What happened

  • Mid-August: Suspicious activity was detected on the vendor’s system.
  • ~2+ months later: Impact to Blaze was confirmed.
  • Early December: Member notifications were issued.

Why this matters

This is a familiar pattern in third-party incidents:

  • A non-“core” vendor can still handle high-risk data (e.g., SSNs) and materially increase exposure.
  • Delays in confirmation/disclosure compound downstream work: internal escalation, member comms, remediation, and oversight.
  • Vendor self-reporting isn’t enough when timelines are unclear and facts are still emerging.

Key details at a glance

  • Incident type: Third-party vendor breach
  • Vendor: Marquis Software Solutions (marketing services)
  • Data exposed: Names, addresses, dates of birth, Social Security numbers
  • Potentially affected: ~235,000 Blaze members
  • Notable gap: ~2+ months from detection to confirmed impact
  • Aftermath: Member notifications, credit monitoring offered, lawsuits filed, vendor relationship being severed

What teams should do now (fast checklist)

If you have vendors with access to sensitive customer data:

  1. Confirm access scope: what data they can access, where it lives, and who can reach it.
  2. Re-tier the vendor based on actual data sensitivity (not the vendor’s “category”).
  3. Require evidence, not reassurance: timelines, indicators, affected systems, and containment steps.
  4. Track communications and decisions in one place for audit-ready defensibility.
  5. Pre-plan offboarding so revoking access and collecting attestations isn’t improvised during an incident.

How Perimeter helps (mapped to this scenario)

  • Monitor: Continuous vendor signals so you’re not waiting on vendor updates to detect elevated risk.
  • Assess: Align vendor tiering and review depth to real access/criticality (especially when SSNs are in play).
  • Verify: Validate vendor claims against independent signals and evidence – surface gaps faster.
  • Extract + Share: Centralize requests and supporting documentation, reduce back-and-forth, and keep everything searchable.
  • Respond: Run structured incident outreach and tracking so time-to-clarity doesn’t drag on.

Bottom line

Blaze’s incident shows how quickly third-party events can become “your” problem – especially when confirmation takes time and sensitive identifiers are involved. The goal isn’t panic. It’s continuous visibility, verified answers, and a faster path to clarity when a vendor situation changes.

Want to see how this looks on your vendor portfolio?

Request a demo to see Monitor + Verify in action.

Request a demo

You May Also Like

U.S. Securities and Exchange Commission logo on building wall with American flags reflected in glass windows, representing financial regulatory authority and compliance.
Learn more
Bright city lights and fast-moving traffic at night with a dynamic blur effect, showcasing urban transportation and modern infrastructure. Perfect for illustrating smart city solutions and advanced mobility concepts.
Learn more
Third-party cybersecurity breach prevention, operational downtime impact, network security solutions, Perimeter cybersecurity services, minimizing business disruption with advanced threat protection.
Learn more

What Users Say

Yan S.
Manager of Cybersecurity Operations
Customer Experience is Great!

The Perimeter team has been incredibly receptive to feedback and requests for help. Perimeter has been essential to us being able to track and be able to complete security assessments.

Jaimin P.
Senior Risk Manager
Best Vendor Management Tool!

Perimeter was very fast for our team to implement and start using. They also have an unlimited user model, which works in our favor, and the platform is straightforward to use.

Ryan K.
Principal Consultant
GREAT ASSESSMENT PLATFORM

Perimeter is an extremely easy-to-use and flexible assessment platform. The tool is agnostic to any one methodology. It can be customized to your company’s specific rule sets to measure vendor’s risk or leverage one of Perimeter’s templates. Their support team is super helpful if you want to get more detailed, and the team is always willing to help walk you through something.

Bella R.
Senior Cybersecurity Risk Manager
Perimeter has great features!

Perimeter provides a user-friendly interface, customizable workflows, integration capabilities with other systems, and its ability to centralize and manage vendor information effectively.

Danny F.
Account Executive
I consider Perimeter experts!

Perimeter is intuitive and the knowledge base helps a ton with responding to RFP's and client assessments that we receive. As a salesperson, it is super helpful to have pre-approved responses that we can leverage to respond to questions.

Robert P.
Director of Security
Vendor Risk Management made simple

Perimeter ensures we are answering questions from different clients the same, and also saves us a lot of time to do it.

Omar C.
Information Systems Security Manager
Great tool for our company

The integration with Excel sheets and the ability to work with websites seamlessly has been a tremendous asset for me on audits.

Nupur V.
System Security Analyst
Excellent with Data Processing

The Perimeter team was really proactive in engaging with requirements. I would say very comitted and positive team. They were also flexible with the changing requirements and delivered the product within the project timeline.

Derek P.
Information Security Analyst
I didn't know I needed it, now I have to have it

If you want a tool that comes pre-populated and you can start using day one, get this one. If you want a tool and is highly customizable and can quickly be modified to suit your needs. If you want a tool that has excellent support, use this one. I'm certain there are things that Perimeter doesn't do excellently, but I haven't found them yet.