Marquis Sues SonicWall After Backup Breach Enables Ransomware

Summary
– Marquis Software Solutions is suing SonicWall for negligence and misrepresentation after a ransomware attack on Marquis’s network, which impacted 74 U.S. banks.
– The August 2025 breach occurred when hackers accessed firewall configuration data from SonicWall’s cloud backup service due to a security gap introduced via an API change.
– The stolen data included highly sensitive personal and financial information, such as Social Security numbers and bank account details, from Marquis’s business partners.
– An investigation revealed the attack was carried out by state-sponsored hackers, and SonicWall initially underestimated the incident’s scope before confirming all its clients were affected.
– As a result, Marquis is facing significant damages, over 36 class action lawsuits, and is seeking monetary compensation and legal fees from SonicWall.

A major data analytics firm serving the financial sector has initiated legal action against a prominent cybersecurity vendor, alleging that a critical security failure in a cloud backup service directly enabled a devastating ransomware attack. The lawsuit claims that a vulnerability introduced by the vendor allowed state-backed hackers to steal sensitive configuration data, leading to a breach that compromised the personal and financial information of countless individuals and disrupted operations across dozens of banks.
The incident began in August 2025 when attackers infiltrated the network of Marquis Software Solutions. The company, which provides critical services to over 700 banks and credit unions, found that hackers had accessed files containing highly sensitive partner data. This information included names, addresses, Social Security numbers, and detailed financial account details. Initially, the breach was thought to stem from an unpatched flaw in the company’s SonicWall firewall. However, a deeper investigation revealed a more systemic problem.
By January 2026, Marquis had pinpointed the root cause. The attackers did not exploit the firewall itself. Instead, they leveraged configuration data stolen from SonicWall’s own cloud backup infrastructure. The vulnerability originated from an API code change SonicWall made to its MySonicWall cloud service in February 2025. This security gap permitted unauthorized access to backup files stored in SonicWall’s cloud. These files contained AES-256-encrypted credentials, full configuration data, and even multi-factor authentication (MFA) scratch codes, providing a blueprint to bypass network defenses.
SonicWall disclosed the cloud backup issue three weeks after the Marquis attack, first estimating it impacted only 5% of customers before later confirming all clients were affected. An investigation by Mandiant linked the attack to state-sponsored hackers. Marquis asserts that at the time of the breach, its firewall was fully updated and MFA was enabled, but the threat actor used the exposed configuration data to compromise these protections. The lawsuit further alleges that when Marquis contacted SonicWall directly about the MFA bypass, the vendor withheld critical information and ignored the request.
The consequences for Marquis have been severe. The company states it has suffered significant damages, including a loss of customers, harm to its business reputation, and lost revenue. It is now defending against more than 36 consumer class action lawsuits stemming from the ransomware incident. In its legal complaint, Marquis accuses SonicWall of gross negligence and misrepresentation. The firm is seeking monetary damages, indemnification for any judgments from the related class actions, attorneys’ fees, and equitable relief, arguing that SonicWall’s failures directly caused the operational and financial turmoil it now faces.
(Source: Bleeping Computer)


