Marquis Data Breach Traced to SonicWall Firewall Hack

Summary
– Fintech firm Marquis blames its firewall provider SonicWall for a ransomware attack in August 2025, claiming a prior breach at SonicWall exposed critical security data.
– Marquis states that hackers used credentials and firewall configuration data stolen from SonicWall’s cloud backup service to circumvent its defenses and steal customer data.
– SonicWall, while engaging with Marquis, has requested evidence and stated it has no new proof linking its own September 2025 security incident to the ransomware attack on Marquis.
– The breach compromised sensitive personal and financial data, including Social Security numbers, from hundreds of thousands of customers of banks and credit unions that use Marquis.
– Marquis is evaluating legal options to seek compensation from SonicWall for expenses related to the incident, and the total number of affected individuals is expected to rise.

A major financial technology company is now pursuing legal recourse against its cybersecurity vendor, alleging that a breach at the provider directly enabled a devastating ransomware attack. Marquis, a Texas-based fintech firm serving hundreds of banks and credit unions, informed its customers that it plans to seek compensation from firewall provider SonicWall. The company claims a prior breach at SonicWall gave hackers the critical credentials needed to infiltrate its own network, leading to the theft of vast amounts of sensitive consumer banking data.
In a recent memo to customers, Marquis detailed its findings from a third-party investigation. The probe concluded that hackers obtained information about the Marquis firewall during a separate security incident at SonicWall. This information was then allegedly used to circumvent Marquis’s network defenses. The company confirmed it stored a backup of its firewall configuration file within SonicWall’s cloud service, which it says became a vulnerability due to the provider’s breach.
The company stated it is “evaluating its options” regarding its firewall provider, which includes the “recoupment of any expenses” incurred by both Marquis and its customers in responding to the data incident. This move signals a potential shift toward holding vendors financially accountable for security failures that cascade to their clients.
When asked for comment, a spokesperson for Marquis reiterated the connection to the SonicWall incident. “In September 2025, after the data security incident affected our systems, our firewall service provider publicly disclosed that a threat actor had earlier in the year gained unauthorized access to its cloud backup service,” the statement read. It further noted that while the provider initially reported a limited impact, it later clarified that configuration data and credentials for all customers using the cloud backup service, including Marquis, had been accessed.
SonicWall has responded cautiously to these allegations. A company spokesperson stated they have requested evidence from Marquis to substantiate the claims and emphasized ongoing engagement with the customer. “We have no new evidence to establish a connection between the SonicWall security incident reported in September 2025 and ongoing global ransomware attacks on firewalls and other edge devices,” the spokesperson said.
The fallout from the attack is significant. Marquis, which provides data visualization tools to financial institutions, began notifying hundreds of thousands of individuals last month that their personal and financial information was compromised. The stolen data is reported to include highly sensitive details like Social Security numbers, personal information, and financial data belonging to consumer banking customers across the United States.
This situation underscores the complex risks of third-party dependencies in cybersecurity. SonicWall had previously acknowledged an earlier breach but initially downplayed its scope. In October, the company conceded that the incident ultimately affected every customer who had backed up firewall files to its cloud, a reversal from its earlier statement that only a fraction of customer files were taken.
In its internal investigation, Marquis also examined whether a missed software patch could have been a contributing factor. The company brought in external experts to assess this possibility but concluded the specific flaw related to the patch was not exploitable in a manner that would have permitted the data theft witnessed in this attack.
The full scale of the breach remains unclear. A spokesperson for Marquis declined to provide a specific number of affected individuals, but the count is anticipated to grow as formal data breach notifications continue to be filed with state authorities across the country. This incident highlights the escalating challenges businesses face in securing their digital ecosystems, especially when critical security functions are managed by external partners.
(Source: TechCrunch)


