Fintech big Marquis is suing its firewall supplier SonicWall, claiming that an earlier breach allowed hackers to steal delicate details about buyer firewalls that led to a ransomware assault on Marquis’ community.
The lawsuit, filed Monday within the U.S. District Court docket for the Jap District of Texas, seeks a jury trial. It claims the 2025 breach at SonicWall “uncovered crucial security info for Marquis and each buyer that used SonicWall’s firewall cloud backup service.”
Marquis’ chief government Satin Mirchandani instructed information.killnetswitch in a press release that SonicWall allegedly didn’t safe its backup service, which triggered the corporate to undergo “important reputational, operational, and monetary hurt.”
Information of the lawsuit comes weeks after information.killnetswitch reported that Marquis was planning to hunt compensation from SonicWall. The Plano, Texas-based fintech big had instructed its clients that it blamed SonicWall for permitting hackers to steal delicate details about buyer firewall configuration information, together with its personal.
“SonicWall allowed a risk actor to acquire the keys to bypass that line of protection and stroll proper into Marquis’s inside community, the very factor that SonicWall’s firewall was supposed to stop,” reads the criticism.
Firewalls are supposed to stop unauthorized entry to an organization’s community, however Marquis alleges that the hackers who scrambled its community with ransomware used info stolen from SonicWall about how its clients configure their firewalls, together with emergency passcodes (often known as scratch codes) that allowed entry to Marquis’ inside community.
Marquis, which permits lots of of banks and credit score unions to visualise their clients’ information, mentioned the hackers took “personally identifiable info regarding clients of a few of Marquis’s monetary establishment shoppers” in its cyberattack.
The stolen information consists of buyer names, dates of beginning, postal addresses, and monetary info, together with checking account, debit, and bank card numbers, in addition to clients’ Social Safety numbers
A spokesperson for SonicWall didn’t instantly touch upon the lawsuit.
SonicWall first admitted a breach of its programs in mid-September, by which it mentioned fewer than 5% of its buyer firewall configuration backup information had been exfiltrated from its storage servers, hosted on Amazon’s cloud and maintained by SonicWall. The firewall maker in October conceded that actually each buyer had their firewall backup information stolen within the breach.
Marquis in December 2025 started notifying affected those that its networks had been breached that August. SonicWall has not mentioned when hackers had been first in a position to achieve entry to its programs.
It’s not but clear what triggered the breach at SonicWall. In its criticism, Marquis claims SonicWall made a code change to considered one of its APIs months earlier, in February 2025, that “created a vulnerability exploitable by risk actors.” Marquis mentioned that this bug allowed the hackers to entry buyer firewall configuration backup information “with out correct authentication” by guessing predictable firewall serial numbers.
“Whereas we had been in a position to safe our community and consumer information rapidly, our investigation revealed that our publicity to risk actors was because of SonicWall’s community breach and failure to inform us that our firewall safety was probably compromised,” Mirchandani, the Marquis CEO, mentioned in a press release shared with information.killnetswitch.
Mirchandani instructed information.killnetswitch that SonicWall has not but offered any personal details about the foundation reason behind its breach.
“We hope to be taught extra by the litigation course of,” Mirchandani mentioned.
Marquis nonetheless won’t say what number of people are affected by its data breach. Based on a list with the Texas’ legal professional normal, no less than 400,000 individuals throughout the U.S. are identified to be affected by the fintech big’s breach.
The variety of affected people is anticipated to rise as extra data breach notifications are filed with numerous U.S. attorneys normal.
