Fintech giant Marquis is suing its firewall provider SonicWall, claiming that an earlier breach allowed hackers to steal sensitive information about customer firewalls that led to a ransomware attack on Marquis’ network.
The lawsuit, filed Monday in the U.S. District Court for the Eastern District of Texas, seeks a jury trial. It claims the 2025 breach at SonicWall “exposed critical security information for Marquis and every customer that used SonicWall’s firewall cloud backup service.”
Marquis’ chief executive Satin Mirchandani told TechCrunch in a statement that SonicWall allegedly failed to secure its backup service, which caused the company to suffer “significant reputational, operational, and financial harm.”
News of the lawsuit comes weeks after TechCrunch reported that Marquis was planning to seek compensation from SonicWall. The Plano, Texas-based fintech giant had told its customers that it blamed SonicWall for allowing hackers to steal sensitive information about customer firewall configuration files, including its own.
“SonicWall allowed a threat actor to obtain the keys to bypass that line of defense and walk right into Marquis’s internal network, the very thing that SonicWall’s firewall was supposed to prevent,” reads the complaint.
Firewalls are meant to prevent unauthorized access to a company’s network, but Marquis alleges that the hackers who scrambled its network with ransomware used information stolen from SonicWall about how its customers configure their firewalls, including emergency passcodes (known as scratch codes) that allowed access to Marquis’ internal network.
Marquis, which allows hundreds of banks and credit unions to visualize their customers’ data, said the hackers took “personally identifiable information concerning customers of some of Marquis’s financial institution clients” in its cyberattack.
The stolen data includes customer names, dates of birth, postal addresses, and financial information, including bank account, debit, and credit card numbers, as well as customers’ Social Security numbers
A spokesperson for SonicWall did not immediately comment on the lawsuit.
SonicWall first admitted a breach of its systems in mid-September, in which it said fewer than 5% of its customer firewall configuration backup files were exfiltrated from its storage servers, hosted on Amazon’s cloud and maintained by SonicWall. The firewall maker in October conceded that in fact every customer had their firewall backup files stolen in the breach.
... continue reading