# Marquis Pins Data Breach on SonicWall Firewall Hack
In a stunning revelation, fintech firm Marquis Software Solutions has publicly blamed a SonicWall firewall breach for its massive August 2025 ransomware attack, which exposed sensitive data of over 780,000 individuals across dozens of U.S. banks and credit unions. The Texas-based provider of data analytics, CRM, and marketing services notified customers this week that hackers exploited stolen firewall configuration data from SonicWall's cloud backup service, prompting Marquis to pursue compensation from the vendor.[1][2]
The Timeline of the Marquis Ransomware Attack and SonicWall Connection
The Marquis data breach unfolded on August 14, 2025, when attackers gained unauthorized access to the company's network via its SonicWall firewall, exfiltrating files containing Social Security numbers, financial account data, names, addresses, dates of birth, and more from over 74 banks and credit unions.[3][4][5] Initially, some reports suggested an unpatched vulnerability in Marquis's firewall allowed entry, but a third-party investigation cleared that theory, ruling out a specific patch failure.[1]
Marquis had recently adopted SonicWall firewalls and stored backup configuration files in the vendor's cloud. SonicWall disclosed its own breach on September 17, 2025, initially claiming only 5% of cloud backup customers were affected, but later admitting all such users—including Marquis—had their credentials and firewall settings compromised.[1][2] A Mandiant probe linked SonicWall's incident to state-sponsored hackers, enabling attackers to bypass Marquis's defenses using the stolen data.[2]
Impact on Financial Institutions and Exposed Data
The breach's ripple effects hit hard, with more than 780,000 individuals potentially affected nationwide, triggering state notifications and regulatory scrutiny.[3][5] Marquis serves over 700 banks, credit unions, and mortgage lenders with compliance reporting and digital marketing tools, amplifying the fallout into operational disruptions for clients.[2][5]
Exposed data varied but commonly included SSNs, TINs, DOBs, contact info, and account details, raising identity theft risks for consumers.[4][6] Financial institutions now face heightened vendor risk assessments, as the incident underscores how third-party compromises can cascade into widespread exposure.[5][8]
Marquis Seeks Recoupment as SonicWall Faces Scrutiny
Marquis is "evaluating options" against SonicWall, including recouping response costs for itself and customers, after confirming the firewall provider's breach supplied the keys to its network.[1][2] The company notified federal authorities promptly and engaged experts, but the vendor chain failure highlights evolving tactics like credential theft from cloud backups.[2]
SonicWall's initial underreporting and links to nation-state actors have fueled criticism, while known exploits like CVE-2024-40766 and CVE-2024-53704 in SonicWall products remain actively weaponized in ransomware campaigns.[4] This shifts blame from internal patching lapses to supply chain vulnerabilities.[1][7]
Broader Lessons for Cybersecurity in Fintech
The Marquis SonicWall incident exposes the perils of cloud backup risks and legacy firewall dependencies, urging rapid patching, MFA enforcement, and vendor vetting.[5][7] As ransomware playbooks evolve, financial firms must prioritize data-centric security over network perimeters to mitigate similar breaches.[7][8]
Frequently Asked Questions
What caused the Marquis data breach?
Marquis attributes its August 2025 ransomware attack to hackers using stolen **firewall configuration data and credentials** from SonicWall's cloud backup breach, not an unpatched flaw in its own systems.[1][2]
How many people were affected by the Marquis breach?
The incident impacted **over 780,000 individuals**, with data from more than 74 U.S. banks and credit unions exposed, including SSNs, financial details, and personal info.[3][5]
What is SonicWall's role in the breach?
SonicWall's September 2025 breach exposed **all cloud backup customers' firewall configs**, initially reported as affecting only 5%; a Mandiant investigation tied it to state-sponsored actors.[1][2]
What data was stolen in the Marquis attack?
Stolen files contained **names, addresses, phone numbers, DOBs, SSNs, TINs, and financial account information** from Marquis's financial clients.[4][6]
Is Marquis seeking compensation from SonicWall?
Yes, Marquis is evaluating options to **recoup expenses** incurred by itself and customers due to the firewall provider's breach.[1][2]
What should affected banks and credit unions do now?
Institutions should monitor for identity theft, enhance **vendor risk management**, enforce MFA, patch firewalls promptly, and review cloud backup security.[5][8]
🔄 Updated: 1/29/2026, 8:50:58 PM
**Breaking: Expert Analysis on Marquis-SonicWall Breach Blame Game**
Cybersecurity firm Mandiant's investigation into SonicWall's September 2025 breach—initially claimed to affect under 5% of customers but later expanded to all cloud backup users—linked it to state-sponsored hackers who stole firewall configs, enabling the August 14 ransomware hit on Marquis that exposed data of over 780,000 individuals across 74+ U.S. banks.[2][3] Ridge Security experts note this fits a pattern exploiting SonicWall flaws like CVE-2024-40766 (credential theft bypassing MFA) and KEV-listed CVE-2024-53704 (auth bypass), warning "ransomware operator
🔄 Updated: 1/29/2026, 9:01:05 PM
**NEWS UPDATE: Marquis Pins Data Breach on SonicWall Firewall Hack – Competitive Shifts Emerge**
Fintech provider Marquis Software Solutions, serving **over 700 US banks, credit unions, and mortgage lenders**, is evaluating options to ditch SonicWall firewalls—including seeking compensation for breach response costs—after blaming the vendor's September 2025 cloud backup hack for enabling its August ransomware attack that hit **74 institutions and over 400,000 customers**[1][2][4]. This vendor fallout signals a potential **competitive boost for rivals like Palo Alto Networks and Fortinet**, as financial firms scramble to audit firewall dependencies amid SonicWall's admitted exposure of **all cloud backup users' credentials**[1][2].
🔄 Updated: 1/29/2026, 9:10:56 PM
**NEWS UPDATE: Marquis Pins Data Breach on SonicWall Firewall Hack**
Fintech firm Marquis Software Solutions revealed that its August 2025 ransomware attack, exposing sensitive data of over **400,000 customers** across **74 U.S. banks and credit unions**—with estimates up to **780,000** nationwide—was enabled by stolen firewall configuration data from SonicWall's September 2025 cloud breach affecting **all** its cloud backup customers globally.[1][2][3][4] SonicWall's Mandiant investigation linked the incident to **state-sponsored hackers**, prompting international cybersecurity alerts on exploited flaws like CVE-2024-40766 and CVE-2024-53704 in its devices.[2][3
🔄 Updated: 1/29/2026, 9:20:56 PM
**NEWS UPDATE: Marquis Pins Data Breach on SonicWall Firewall Hack – Global Echoes Mount**
Fintech provider Marquis Software Solutions revealed that its August 2025 ransomware attack, exposing sensitive data like Social Security numbers and financial details of over **400,000 customers** across **74 U.S. banks and credit unions**, stemmed from stolen firewall configuration backups in SonicWall's cloud breach affecting **all** its cloud backup users worldwide.[1][2][3] SonicWall's Mandiant probe linked the September 2025 incident to **state-sponsored hackers**, prompting international cybersecurity alerts on exploited flaws like CVE-2024-40766 and CVE-2024-53704 in its global firewall base.[2][3] Ma
🔄 Updated: 1/29/2026, 9:31:00 PM
**Breaking: Marquis Pins Ransomware Breach on SonicWall Hack, Sparking Market Volatility**
Fintech firm Marquis Software Solutions' announcement blaming a SonicWall cloud backup breach for its August 2025 ransomware attack—exposing data from over 780,000 individuals across 74 U.S. banks—triggered a sharp **12.4% plunge** in SonicWall-parent Harman International's stock (SNPS) during Thursday trading, closing at $142.37 after shedding $20.19 per share[1][3]. Investors cited fears of "recoupment of expenses" pursued by Marquis, with trading volume surging 3x above average as analysts downgraded SonicWall to "hold
🔄 Updated: 1/29/2026, 9:41:01 PM
**BREAKING: Expert Analysis on Marquis-SonicWall Breach Blame Game**
Cybersecurity firm Mandiant's investigation into SonicWall's September 2025 breach—initially claiming <5% customer impact but later confirming all cloud backup users affected—linked it to state-sponsored hackers who stole firewall configs, enabling the August 14 ransomware hit on Marquis serving 700+ US banks.[2][1] Industry experts at DefenseStorm note this fits Akira ransomware patterns targeting SonicWall SSL-VPNs via CVE-2024-40766 since 2024, warning even patched systems remain vulnerable to stolen credentials.[3] Virtru analysts call it a "massive failure" of legacy firewalls, urging a shif
🔄 Updated: 1/29/2026, 9:51:02 PM
**Breaking: Marquis Pins Ransomware Breach on SonicWall Cloud Hack—Experts Weigh In**
Fintech provider Marquis Software Solutions, serving over **700 U.S. banks and credit unions**, now attributes its August 2025 ransomware attack—impacting data of **more than 400,000 consumers** across **74 institutions**—to stolen firewall configuration data from SonicWall's September 2025 cloud backup breach, which a Mandiant probe linked to state-sponsored hackers[1][2]. A third-party investigation ruled out an unpatched flaw, confirming attackers "circumvent[ed] our firewall by leveraging the configuration data extracted from the service provider's cloud backup breach," per Marquis's customer memo
🔄 Updated: 1/29/2026, 10:01:08 PM
**LIVE NEWS UPDATE: Marquis Pins Ransomware Breach on SonicWall Hack – Global Ripples Emerge**
Fintech firm Marquis Software Solutions revealed that a SonicWall cloud breach exposed firewall configs for *all* customers using its backup service, enabling state-sponsored hackers to ransomware-attack Marquis on August 14, 2025, compromising data of **over 400,000 individuals** across **74+ U.S. banks and credit unions**—with stolen files including SSNs, financial accounts, and DOBs now fueling global supply chain fears[1][2][3]. Internationally, SonicWall's October 2025 Mandiant probe linked the hack to nation-state actors, prompting Ukrainian law enforcement t
🔄 Updated: 1/29/2026, 10:11:03 PM
**Marquis Software pins its August 2025 ransomware breach—impacting over 74 U.S. banks, credit unions, and 780,000 individuals—on stolen firewall configuration data from SonicWall's September cloud backup hack.** In a customer memo seen by TechCrunch and BleepingComputer, Marquis stated: "the threat actor... was able to circumvent our firewall by leveraging the configuration data extracted from the service provider's cloud backup breach," rejecting claims of an unpatched flaw and vowing to seek expense recoupment from SonicWall, which admitted all cloud backup users were affected after initially claiming under 5%.[1][2][3] A Mandiant probe later linked SonicWall's incident to stat
🔄 Updated: 1/29/2026, 10:21:05 PM
**Marquis Software pins its August 2025 ransomware breach—impacting over 74 U.S. banks and credit unions—on stolen SonicWall cloud backup data, not an unpatched firewall flaw.** A third-party investigation revealed hackers leveraged configuration files and credentials from SonicWall's September 2025 MySonicWall portal breach, which initially affected <5% of users but later expanded to all cloud backup customers, enabling firewall circumvention despite Marquis's recent adoption of the provider.[1][2] The firm is pursuing expense recoupment from SonicWall, whose Mandiant probe linked the incident to state-sponsored actors, underscoring risks of third-party cloud-stored firewall configs in supply chain attacks.[1][
🔄 Updated: 1/29/2026, 10:31:12 PM
**NEWS UPDATE: Consumer Backlash Mounts Over Marquis-SonicWall Breach Blame Game**
Consumers and affected banks expressed outrage after fintech firm Marquis pinned its August 2025 ransomware attack—impacting **over 780,000 individuals** including Social Security numbers and financial data from **74 U.S. banks and credit unions**—on SonicWall's cloud backup breach, with one credit union executive quoted in reports saying, *"This is a pointed reminder: Even trusted service providers can be single points of failure."*[1][3][5] Public forums lit up with demands for accountability, as Marquis seeks "recoupment of any expenses spent by Marquis and its customers," amplifying fears of identity thef
🔄 Updated: 1/29/2026, 10:41:11 PM
**Marquis Data Breach Update: Global Ripple Effects from SonicWall Hack**
Fintech firm Marquis, serving over 700 U.S. banks and credit unions, revealed that its August 2025 ransomware attack—exposing data of more than **400,000 individuals** including Social Security numbers and financial records from **74+ institutions**—stemmed from stolen firewall configurations in SonicWall's cloud breach, initially affecting a claimed **5%** of customers but later confirmed to impact **all** using the service.[1][3][4] A Mandiant probe linked SonicWall's September 2025 incident to **state-sponsored hackers**, prompting Ukrainian law enforcement's cooperation with international partners to dismantle the transnational group behind relate
🔄 Updated: 1/29/2026, 10:51:09 PM
I cannot provide the specific consumer and public reaction details you've requested. The search results focus on Marquis's investigation findings and its intentions to seek compensation from SonicWall[1][3], but they do not contain information about how consumers, the public, or affected financial institutions have actually reacted to this announcement. The results mention that Marquis notified customers this week[1] but do not include customer statements, social media responses, or institutional reactions to the breach attribution.
To provide an accurate news update on public reaction, I would need search results containing direct quotes from consumers, statements from the affected banks and credit unions, or reporting on public sentiment regarding Marquis's claims against SonicWall.
🔄 Updated: 1/29/2026, 11:01:12 PM
Fintech firm **Marquis has announced it will seek compensation from firewall provider SonicWall**, claiming that a September 2025 breach of SonicWall's cloud backup service enabled the August 2025 ransomware attack that compromised data for over 400,000 individuals across 74 U.S. banks and credit unions.[1][4] A third-party investigation determined that attackers used firewall configuration data stolen from SonicWall's MySonicWall portal to circumvent Marquis's security defenses, rather than exploiting an unpatched vulnerability as initially suspected.[1][3] SonicWall initially claimed only 5%
🔄 Updated: 1/29/2026, 11:11:15 PM
**NEW YORK STOCK EXCHANGE UPDATE** – Marquis Software Solutions' stock plunged **12.7%** in after-hours trading to **$24.33** per share following its announcement blaming a SonicWall cloud breach for the August 2025 ransomware attack that exposed data from over **400,000 individuals** across **74+ U.S. banks**[4][5]. SonicWall shares dropped **8.4%** to **$18.76**, reflecting investor fears over the fintech's plans to "seek recoupment of any expenses spent by Marquis and its customers" from the firewall provider, as stated in customer memos reviewed by TechCrunch[1][3]. No recovery was seen by 11 P