Marquis considers compensation claim against SonicWall after ransomware breach

Fintech firm Marquis has told customers it is considering seeking compensation from its firewall provider, SonicWall, after concluding that a ransomware attack in August 2025 stemmed from an earlier breach at the cybersecurity company that exposed sensitive firewall configuration data.

In a memo sent to customers this week, Marquis said a third-party investigation found that attackers were able to compromise its systems after obtaining critical information about its firewall during a breach of SonicWall’s cloud backup service. That information, including configuration data and credentials, was allegedly used to bypass Marquis’ firewall and facilitate the ransomware attack.

Marquis said it had stored a backup of its firewall configuration file in SonicWall’s cloud. The company said it is evaluating its options with respect to the firewall provider, including the potential recovery of costs incurred by Marquis and its customers in responding to the data incident.

The Texas-based company provides data visualization services to hundreds of banks and credit unions across the United States and has access to large volumes of consumer banking data. Hackers stole personal and financial information during the attack, including Social Security numbers. Marquis began notifying affected individuals last month, though the company has not disclosed how many people were impacted. The number is expected to increase as additional breach notifications are filed with state attorneys general.

Hanna Grimm, a spokesperson representing Marquis, did not dispute the contents of the customer communication and reiterated the company’s position that the breach was linked to SonicWall’s earlier security incident. In a statement, Grimm said that after Marquis’ systems were affected, SonicWall disclosed that a threat actor had earlier gained unauthorized access to its cloud backup service. She said SonicWall initially reported that fewer than 5 percent of customers were affected, but later clarified in October 2025 that firewall configuration data and credentials for all customers using the cloud backup service, including Marquis, had been accessed.

SonicWall said it is engaging with Marquis but has not seen evidence supporting the claim that its breach led directly to the ransomware attack. Bret Fitzgerald, a spokesperson for SonicWall, said the company has asked Marquis to substantiate its allegations and stated that there is no new evidence linking the September 2025 SonicWall incident to ongoing ransomware attacks targeting firewalls and other edge devices.

Marquis also said it investigated whether its own failure to deploy a software patch at the time of the breach could have contributed to the incident. The company said the review determined that the patch addressed a flaw that was not exploitable in a way that would have allowed attackers to access its data.

SonicWall acknowledged in October that an earlier breach of its systems affected all customers who backed up firewall files to its cloud, reversing an earlier statement that only a limited number of customers were impacted. The breach involved firewall configuration files containing security policies and settings.