Fintech firm Marquis told customers that it plans to seek compensation from its firewall provider after blaming the company for a breach that allowed hackers to steal its customers’ personal and financial data.
In a memo shared with customers this week and seen by TechCrunch, Marquis said it believes that its August 2025 ransomware attack happened because the company’s firewall service provider SonicWall had its own data breach that exposed critical security information about its customers’ firewalls. That earlier breach of SonicWall allowed hackers to obtain credentials needed to launch a ransomware attack against Marquis, the memo said.
Marquis said its third-party investigation determined that the hackers obtained information about its firewall during the breach at SonicWall, which Marquis claims was used to circumvent its firewall. Marquis confirmed in the communication that it stored a backup of its firewall configuration file in SonicWall’s cloud.
The company was “evaluating its options” regarding its firewall provider, including the “recoupment of any expenses spent by Marquis and its customers in responding to the data incident,” according to the memo.
When reached for comment, Hanna Grimm, an agency spokesperson representing Marquis, did not address or dispute the company’s recent communication to customers, but reiterated the claim linking its breach with an earlier theft of its firewall configuration.
“In September 2025, after the data security incident affected our systems, our firewall service provider, an industry-leading cybersecurity company, publicly disclosed that a threat actor had earlier in the year gained unauthorized access to its cloud backup service,” the statement said.
“Marquis had recently begun using this provider’s firewalls to help protect our network,” the statement added. “While the provider initially reported that fewer than 5% of customers were affected, it later clarified in October 2025 that firewall configuration data and credentials associated with all customers using the cloud backup service, including Marquis, had been accessed.”
When contacted by TechCrunch, SonicWall spokesperson Bret Fitzgerald said that the company has asked Marquis for evidence to substantiate its claims and said it would continue to engage with its customer.
“We have no new evidence to establish a connection between the SonicWall security incident reported in September 2025 and ongoing global ransomware attacks on firewalls and other edge devices,” Fitzgerald said.
The Texas-based Marquis, which allows hundreds of banks and credit unions to visualize their customers’ data, began notifying hundreds of thousands of people last month that their information was taken during its ransomware attack.
... continue reading