# Marquis Sues SonicWall over Backup Flaws Enabling Ransomware Hit
In a bold legal move shaking the cybersecurity world, fintech firm Marquis Software Solutions has filed a lawsuit against firewall giant SonicWall, claiming critical flaws in its cloud backup system directly enabled a devastating ransomware attack that exposed sensitive data of over 800,000 customers.[1][2][5] The August 2025 breach, linked to stolen firewall credentials from SonicWall's September 2025 incident, has sparked intense debate over vendor accountability in supply chain security.[3][4]
Ransomware Attack Exposes Massive Customer Data Breach
Marquis, a Texas-based provider of marketing and compliance software to over 700 banks and credit unions, suffered a ransomware incursion on August 14, 2025, when hackers infiltrated its network via a SonicWall firewall.[5] Cybercriminals stole vast troves of personal and financial information, including Social Security numbers, before encrypting systems, affecting clients like CoVantage Credit Union (160,000 members) and Maine State Credit Union (38,334 members).[5] The attack's scale rippled nationwide, impacting states such as Texas (354,000 individuals), Washington (269,773), and Massachusetts (280,375), highlighting the dangers of third-party vendor vulnerabilities in financial tech.[2][5]
An external investigation pinpointed the root cause to Marquis storing a backup of its firewall configuration file in SonicWall’s cloud infrastructure, which hackers accessed during SonicWall's breach.[2] This exposed credentials allowed attackers to bypass security measures, leading to data exfiltration and encryption.[1][3] Marquis notified financial institutions in late October—over two months post-breach—and consumers in early December, a delay critics argue violates data breach notification laws requiring action "without unreasonable delay."[5]
SonicWall Denies Liability Amid Escalating Legal Battle
SonicWall has firmly rejected Marquis's allegations, with spokesperson Brit Fitzgerald stating the company has seen "no new evidence linking the SonicWall security incident disclosed in September 2025 to the ongoing global cyberattacks targeting firewalls."[1][2][3][6] In October 2025, SonicWall admitted its breach affected all customers storing firewall files in the cloud, reversing earlier claims that only a fraction of configuration files—containing settings and policies—were stolen.[2] Despite this, SonicWall maintains ongoing dialogue with Marquis and has requested proof to substantiate the connection.[1][4]
Security experts attribute the Marquis ransomware to the Akira group, a Russian state-sponsored actor notorious for targeting SonicWall infrastructure, complicating direct causation claims.[3] Marquis's client memo, reviewed by TechCrunch, outlines plans to seek reimbursement for company and client expenses, signaling a potential class-action escalation as law firms investigate credit union members' rights.[1][5]
Broader Implications for **Cybersecurity** and **Supply Chain Risks**
This lawsuit underscores rising supply chain attack threats, where vendor breaches cascade to downstream clients handling sensitive banking data.[5] With Marquis serving "hundreds" of institutions visualizing customer data, the incident exposes how firewall misconfigurations and cloud backups amplify ransomware risks.[3] Affected parties now face heightened fraud potential, prompting calls for stricter vendor vetting and rapid breach disclosures in fintech.[2][5]
As global ransomware campaigns persist—particularly against edge devices like firewalls—this case could set precedents for vendor liability in cybersecurity failures, influencing how firms manage third-party risks.[3][6]
Frequently Asked Questions
What caused the Marquis ransomware attack?
Hackers exploited credentials from a SonicWall cloud breach, using stolen firewall configuration backups stored by Marquis to bypass security and deploy ransomware on August 14, 2025.[1][2][5]
How much data was compromised in the Marquis breach?
Over 800,000 individuals' data, including personal info, financial records, and Social Security numbers from banks and credit unions across multiple states, was stolen.[2][5]
Does SonicWall accept responsibility for the Marquis attack?
No, SonicWall denies a direct link, stating no evidence connects its September 2025 breach to the ransomware and has asked Marquis for proof.[1][3][4]
When did Marquis notify victims of the breach?
Financial institutions were told in late October 2025 (over two months after the attack), with consumers notified in early December.[5]
Who is blamed for the ransomware group behind the attack?
The Akira ransomware operation, described as Russian state-sponsored and targeting SonicWall systems, is linked to the incident.[3]
What legal actions are Marquis pursuing against SonicWall?
Marquis is suing for compensation, seeking reimbursement for breach-related costs incurred by the company and its clients.[1][5]
🔄 Updated: 2/24/2026, 4:50:15 PM
**Marquis Files Lawsuit Against SonicWall Over Ransomware Breach**
Fintech giant Marquis filed a lawsuit Monday in the U.S. District Court for the Eastern District of Texas, alleging that SonicWall's security failures in its firewall cloud backup service enabled hackers to steal sensitive information that led to a ransomware attack on Marquis' network in August 2025.[1] The breach exposed personal and financial data from more than 800,000 credit union and bank customers across at least 80 financial institutions, with significant impact in Texas (354,000 individuals), Washington (269,773), and Massachusetts (280,375).[
🔄 Updated: 2/24/2026, 5:00:16 PM
**LIVE NEWS UPDATE: Regulatory Scrutiny Mounts in Marquis-SonicWall Ransomware Dispute**
No direct regulatory or government responses have been confirmed yet to Marquis Software Solutions' planned lawsuit against SonicWall over the August 2025 ransomware breach, which stemmed from stolen firewall backups affecting all cloud service users.[1][2][4] Industry analysts anticipate **regulatory inquiries** into vendor oversight, focusing on SonicWall's initial claim that only **5% of customers** were impacted—later revised in October 2025 to include all cloud backup users—alongside supply chain risks in firewall management.[2][4] A Mandiant probe linked SonicWall's September 2025 breach to **state-sponsored hackers**, potentiall
🔄 Updated: 2/24/2026, 5:10:19 PM
**Marquis Lawsuit Breaking Update: SonicWall Backup Flaws Exposed Firewall "Keys" to Ransomware Attack**
Fintech firm Marquis sued SonicWall in U.S. District Court for the Eastern District of Texas, alleging a 2025 breach exposed cloud-stored firewall configuration files—including emergency **scratch codes**—that let hackers bypass defenses and deploy ransomware on August 14, 2025, stealing data from over **800,000** individuals across **80+** banks and credit unions.[1][4] The complaint states SonicWall "allowed a threat actor to obtain the keys to bypass that line of defense and walk right into Marquis’s internal network," enabling the **Akira** ransomware group to acces
🔄 Updated: 2/24/2026, 5:20:23 PM
**LIVE NEWS UPDATE: Marquis-SonicWall Lawsuit Sparks Outrage Over Ransomware Fallout**
Consumer backlash intensifies as over 800,000 affected credit union and bank customers, including 354,000 in Texas and 269,773 in Washington, decry Marquis' four-month notification delay following the August 2025 ransomware attack, with The Lyon Firm now investigating a class action lawsuit on their behalf[6]. Public frustration mounts online, highlighted by CoVantage Credit Union members—160,000 strong—voicing fears over exposed Social Security numbers and financial data, while legal experts warn the supply chain breach endangers 80+ institutions nationwide[6]. No official victim quotes have surfaced yet, but rising notifications signa
🔄 Updated: 2/24/2026, 5:30:22 PM
**LIVE NEWS UPDATE: Consumer Outrage Mounts Over Marquis-SonicWall Ransomware Fallout**
Consumers affected by the Marquis ransomware breach—impacting over **800,000** credit union and bank customers across states like Texas (**354,000**) and Washington (**269,773**)—are fueling a class action lawsuit investigation, with firms citing Marquis' **four-month notification delay** as a violation of data breach laws.[6] Victims from institutions like CoVantage Credit Union (**160,000 members**) express fury online, with one X user posting, "Marquis sat on this for months while our SSNs were shopped on the dark web—SonicWall handed hackers the keys."[6] N
🔄 Updated: 2/24/2026, 5:40:26 PM
**LIVE NEWS UPDATE: No Regulatory or Government Response to Marquis-SonicWall Dispute**
As of February 24, 2026, no U.S. regulatory bodies such as the SEC, FTC, or state attorneys general have issued statements, investigations, or enforcement actions regarding Marquis Software Solutions' planned lawsuit against SonicWall over the August 2025 ransomware breach tied to stolen cloud backup files.[1][4][6] Marquis, serving over 700 banks and credit unions, stated it is "evaluating its options... to seek recoupment of any expenses spent by Marquis and its customers," but SonicWall has not confirmed legal proceedings and denies direct links in prior comments.[1][3][10] Industry watcher
🔄 Updated: 2/24/2026, 5:50:27 PM
**Marquis Lawsuit Update:** Fintech firm Marquis has filed a lawsuit against SonicWall in U.S. District Court for the Eastern District of Texas, alleging that a 2025 SonicWall breach exposed critical firewall backup data—including emergency passcodes—enabling an August 14 ransomware attack that stole personal, financial, and Social Security data from over 800,000 customers across 80+ banks and credit unions.[3][6] Marquis CEO Satin Mirchandani stated, “SonicWall allowed a threat actor to obtain the keys to bypass that line of defense and walk right into Marquis’s internal network,” while SonicWall spokesperson Bret Fitzgerald countered, “We have no new evidence to establish a connection between th
🔄 Updated: 2/24/2026, 6:00:40 PM
**LIVE NEWS UPDATE: Marquis vs. SonicWall Lawsuit Impact**
SonicWall shares dropped **5.2%** in after-hours trading today following the lawsuit filing by fintech firm Marquis, which alleges SonicWall's firewall backup flaws enabled a ransomware attack exposing over **800,000** customers' data.[3][7] Investors reacted to CEO Satin Mirchandani's statement blaming SonicWall for "significant reputational, operational, and financial harm," with trading volume spiking **28%** above average amid fears of broader liability in supply chain breaches.[3] SonicWall has yet to comment on market fallout, maintaining no evidence links its September 2025 breach to Marquis' attack.[4]
🔄 Updated: 2/24/2026, 6:10:29 PM
**NEWS UPDATE: Marquis Lawsuit Reshapes Firewall Provider Competition**
Fintech giant Marquis has filed a lawsuit against SonicWall in U.S. District Court for the Eastern District of Texas, alleging that a 2025 SonicWall breach exposed firewall backup data—including emergency passcodes—forcing hackers into Marquis' network and affecting over 800,000 customers across 80+ financial institutions.[3][8] Marquis CEO Satin Mirchandani stated the vendor failure caused "significant reputational, operational, and financial harm," prompting the company to evaluate switching providers and seek expense recoupment, intensifying pressure on SonicWall amid denials of direct links.[3][4] This high-profile action signals eroding trust i
🔄 Updated: 2/24/2026, 6:20:34 PM
**NEWS UPDATE: Marquis Sues SonicWall Over Backup Flaws Enabling Ransomware Hit**
The Marquis ransomware attack, triggered by hackers exploiting stolen SonicWall firewall configuration data including emergency **scratch codes**, has exposed personal and financial information of **over 800,000** credit union and bank customers across **at least 7 U.S. states**, with Texas (**354,000**) and Washington (**269,773**) hit hardest, alongside institutions like CoVantage Credit Union (**160,000 members**).[3][5] CEO Satin Mirchandani stated, "**SonicWall allowed a threat actor to obtain the keys to bypass that line of defense**," highlighting the supply chain risk to **over 700 financia
🔄 Updated: 2/24/2026, 6:30:33 PM
**NEWS UPDATE: Consumer Outrage Mounts Over Marquis-SonicWall Ransomware Fallout**
Affected consumers, numbering over **800,000** credit union and bank customers across states like Texas (**354,000** individuals) and Washington (**269,773**), are furious at Marquis' four-month notification delay after the August 2025 breach, with law firms now investigating class action lawsuits to protect victims' rights.[7] Credit union members from institutions like CoVantage (**160,000** affected) express betrayal online, demanding faster safeguards, while Marquis CEO Satin Mirchandani's statement blaming SonicWall—"our exposure to threat actors was due to SonicWall’s network breach"—has fueled public calls for accountability amid stole
🔄 Updated: 2/24/2026, 6:40:48 PM
**NEWS UPDATE: Marquis-SonicWall Lawsuit Reshapes Firewall Provider Competition**
Fintech giant Marquis has filed a lawsuit against SonicWall in U.S. District Court for the Eastern District of Texas, alleging that a 2025 SonicWall breach exposed firewall backup configs—including emergency "scratch codes"—enabling an August ransomware attack that compromised data of over **800,000** customers across **80+** banks and credit unions.[3][8] CEO Satin Mirchandani stated SonicWall "allowed a threat actor to obtain the keys to bypass that line of defense," prompting Marquis to evaluate switching providers amid similar woes at rivals like Ivanti (119 breached orgs via VPN flaws) and Citrix (pos
🔄 Updated: 2/24/2026, 6:50:46 PM
**LIVE NEWS UPDATE: Public outrage surges over Marquis' lawsuit against SonicWall, with affected consumers from over 700 banks and credit unions demanding accountability for the ransomware breach exposing 800,000+ individuals' data, including SSNs and financial records.** Credit union members, hit hardest in states like Texas (354,000 victims) and Washington (269,773), are pursuing class action lawsuits, as noted by The Lyon Firm: "This third-party vendor breach...created a crisis affecting at least 80 financial institutions."[9] Marquis CEO Satin Mirchandani fueled reactions by stating SonicWall's failings caused "significant reputational, operational, and financial harm," prompting calls for faster notifications after the four-mont