Marquis sues firewall provider SonicWall, alleges security failings with its firewall backup led to ransomware attack

Fintech elephantine Marquis is suing its firewall supplier SonicWall, claiming that an earlier breach allowed hackers to bargain delicate accusation astir lawsuit firewalls that led to a ransomware onslaught connected Marquis’ network.

The lawsuit, filed Monday successful the U.S. District Court for the Eastern District of Texas, seeks a assemblage trial. It claims the 2025 breach astatine SonicWall “exposed captious information accusation for Marquis and each lawsuit that utilized SonicWall’s firewall unreality backup service.”

Marquis’ main enforcement Satin Mirchandani told TechCrunch successful a connection that SonicWall allegedly failed to unafraid its backup service, which caused the institution to endure “significant reputational, operational, and fiscal harm.”

News of the suit comes weeks aft TechCrunch reported that Marquis was planning to question compensation from SonicWall. The Plano, Texas-based fintech elephantine had told its customers that it blamed SonicWall for allowing hackers to bargain delicate accusation astir lawsuit firewall configuration files, including its own.

“SonicWall allowed a menace histrion to get the keys to bypass that enactment of defence and locomotion close into Marquis’s interior network, the precise happening that SonicWall’s firewall was expected to prevent,” reads the complaint.

Firewalls are meant to forestall unauthorized entree to a company’s network, but Marquis alleges that the hackers who scrambled its web with ransomware utilized accusation stolen from SonicWall astir however its customers configure their firewalls, including exigency passcodes (known arsenic scratch codes) that allowed entree to Marquis’ interior network.

Marquis, which allows hundreds of banks and recognition unions to visualize their customers’ data, said the hackers took “personally identifiable accusation concerning customers of immoderate of Marquis’s fiscal instauration clients” successful its cyberattack.

The stolen information includes lawsuit names, dates of birth, postal addresses, and fiscal information, including slope account, debit, and recognition paper numbers, arsenic good arsenic customers’ Social Security numbers

A spokesperson for SonicWall did not instantly remark connected the lawsuit.

SonicWall first admitted a breach of its systems successful mid-September, successful which it said less than 5% of its lawsuit firewall configuration backup files were exfiltrated from its retention servers, hosted connected Amazon’s unreality and maintained by SonicWall. The firewall shaper successful October conceded that successful information each customer had their firewall backup files stolen successful the breach.

Marquis successful December 2025 began notifying affected people that its networks had been breached that August. SonicWall has not said erstwhile hackers were archetypal capable to summation entree to its systems.

It’s not yet wide what caused the breach astatine SonicWall. In its complaint, Marquis claims SonicWall made a codification alteration to 1 of its APIs months earlier, successful February 2025, that “created a vulnerability exploitable by menace actors.” Marquis said that this bug allowed the hackers to entree lawsuit firewall configuration backup files “without due authentication” by guessing predictable firewall serial numbers.

“While we were capable to unafraid our web and lawsuit information quickly, our probe revealed that our vulnerability to menace actors was owed to SonicWall’s web breach and nonaccomplishment to notify america that our firewall extortion was perchance compromised,” Mirchandani, the Marquis CEO, said successful a connection shared with TechCrunch.

Mirchandani told TechCrunch that SonicWall has not yet provided immoderate non-public accusation astir the basal origin of its breach. 

“We anticipation to larn much done the litigation process,” Mirchandani said.

Marquis inactive volition not accidental however galore individuals are affected by its information breach. According to a listing with the Texas’ lawyer general, at slightest 400,000 radical crossed the U.S. are known to beryllium affected by the fintech giant’s breach. 

The fig of affected individuals is anticipated to emergence arsenic much information breach notifications are filed with assorted U.S. attorneys general.