Marquis Sues SonicWall Over Firewall Flaws That Enabled Ransomware
▼ Summary
– Fintech company Marquis is suing its firewall provider SonicWall, alleging a 2025 breach at SonicWall exposed critical security information that led to a ransomware attack on Marquis’s network.
– The lawsuit claims hackers used stolen firewall configuration data, including emergency passcodes, to bypass Marquis’s defenses and access its internal network to deploy ransomware.
– The data stolen from Marquis includes sensitive personal and financial information of customers from its financial institution clients, such as names, Social Security numbers, and bank details.
– Marquis alleges SonicWall’s security failure stemmed from a vulnerable code change to an API in early 2025, which allowed unauthorized access to customer backup files.
– At least 400,000 individuals in the U.S. are known to be affected by the Marquis breach, with the number expected to rise as more notifications are filed.
A major financial technology firm is taking legal action against its cybersecurity vendor, alleging that a prior security failure directly enabled a devastating ransomware attack. Marquis has filed a lawsuit against SonicWall, claiming a 2025 breach at the firewall company exposed critical configuration data that hackers later used to infiltrate Marquis’s internal network. The complaint, filed in a Texas federal court, seeks a jury trial and accuses SonicWall of failing to secure its cloud backup service, leading to what Marquis describes as “significant reputational, operational, and financial harm.”
According to the legal filing, the hackers obtained sensitive firewall configuration files, including emergency passcodes, from SonicWall’s compromised systems. This information allegedly gave them the ability to bypass the very security measures the firewall was designed to enforce. “SonicWall allowed a threat actor to obtain the keys to bypass that line of defense and walk right into Marquis’s internal network,” the lawsuit states. The attackers subsequently deployed ransomware and stole a trove of sensitive personal data.
The compromised information includes customer names, dates of birth, addresses, and detailed financial data such as bank account and credit card numbers, along with Social Security numbers. Marquis provides data visualization services to hundreds of banks and credit unions, meaning the breach impacted customers of those financial institutions. The company has begun notifying affected individuals, with a filing to the Texas attorney general indicating at least 400,000 people across the United States are known to be affected, a number expected to grow.
SonicWall initially reported in September that fewer than 5% of customer firewall backup files were taken. However, by October, the company conceded that every customer had their firewall backup files stolen in the incident. The lawsuit points to a specific code change SonicWall made to an API in February 2025, alleging it “created a vulnerability exploitable by threat actors.” This bug supposedly allowed hackers to access files “without proper authentication” by guessing predictable serial numbers.
Marquis CEO Satin Mirchandani stated that while his company moved quickly to secure its network, their investigation pointed squarely at SonicWall’s breach and a failure to provide timely warning. “Our investigation revealed that our exposure to threat actors was due to SonicWall’s network breach and failure to notify us that our firewall protection was potentially compromised,” Mirchandani said. He added that SonicWall has not shared non-public details about the root cause of its breach, expressing a hope to learn more through the litigation process. SonicWall has not yet publicly commented on the lawsuit.
(Source: TechCrunch)
