Fintech agency Marquis instructed prospects that it plans to hunt compensation from its firewall supplier after blaming the corporate for a breach that allowed hackers to steal its prospects’ private and monetary information.
In a memo shared with prospects this week and seen by information.killnetswitch, Marquis mentioned it believes that its August 2025 ransomware assault occurred as a result of the corporate’s firewall service supplier SonicWall had its personal data breach that uncovered vital security details about its prospects’ firewalls. That earlier breach of SonicWall allowed hackers to acquire credentials wanted to launch a ransomware assault towards Marquis, the memo mentioned.
Marquis mentioned its third-party investigation decided that the hackers obtained details about its firewall throughout the breach at SonicWall, which Marquis claims was used to avoid its firewall. Marquis confirmed within the communication that it saved a backup of its firewall configuration file in SonicWall’s cloud.
The corporate was “evaluating its choices” relating to its firewall supplier, together with the “recoupment of any bills spent by Marquis and its prospects in responding to the information incident,” in accordance with the memo.
When reached for remark, Hanna Grimm, an company spokesperson representing Marquis, didn’t tackle or dispute the corporate’s current communication to prospects, however reiterated the declare linking its breach with an earlier theft of its firewall configuration.
“In September 2025, after the information security incident affected our techniques, our firewall service supplier, an industry-leading cybersecurity firm, publicly disclosed {that a} menace actor had earlier within the 12 months gained unauthorized entry to its cloud backup service,” the assertion mentioned.
“Marquis had just lately begun utilizing this supplier’s firewalls to assist shield our community,” the assertion added. “Whereas the supplier initially reported that fewer than 5% of shoppers had been affected, it later clarified in October 2025 that firewall configuration information and credentials related to all prospects utilizing the cloud backup service, together with Marquis, had been accessed.”
When contacted by information.killnetswitch, SonicWall spokesperson Bret Fitzgerald mentioned that the corporate has requested Marquis for proof to substantiate its claims and mentioned it will proceed to have interaction with its buyer.
“We’ve got no new proof to ascertain a connection between the SonicWall security incident reported in September 2025 and ongoing international ransomware assaults on firewalls and different edge gadgets,” Fitzgerald mentioned.
The Texas-based Marquis, which permits a whole bunch of banks and credit score unions to visualise their prospects’ information, started notifying a whole bunch of 1000’s of individuals final month that their info was taken throughout its ransomware assault.
The corporate has entry to giant quantities of knowledge belonging to shopper banking prospects throughout the U.S., together with private info, monetary information, and Social Safety numbers, which the hackers stole.
SonicWall conceded in October that an earlier breach of its techniques had in truth affected all of its prospects who backed up their firewall recordsdata to SonicWall’s cloud. It had beforehand mentioned hackers stole solely a fraction of its prospects’ firewall configuration recordsdata containing insurance policies and settings.
Within the communication seen by information.killnetswitch, Marquis mentioned it known as in a third-party to analyze whether or not a patch it had did not roll out on the time of the breach might have been accountable, however concluded that the patch associated to a flaw that was not exploitable in a means that would have allowed hackers to entry the corporate’s information.
Marquis’ spokesperson declined to supply quite a lot of what number of people are affected by its data breach. The variety of people recognized to be affected by the breach is anticipated to rise as new data breach notifications are submitted to state attorneys normal.
Have you learnt extra in regards to the Marquis data breach? Do you’re employed at Marquis or an organization affected by the breach? We’d love to listen to from you. To securely contact this reporter, you possibly can attain out utilizing Sign through the username: zackwhittaker.1337
