Fintech giant Marquis is suing its firewall provider SonicWall, claiming that an earlier breach allowed hackers to steal sensitive information about customer firewalls that led to a ransomware attack on Marquis’ network.
The lawsuit, filed Monday in the U.S. District Court for the Eastern District of Texas, seeks a jury trial. It claims the 2025 breach at SonicWall “exposed critical security information for Marquis and every customer that used SonicWall’s firewall cloud backup service.”
Marquis’ chief executive Satin Mirchandani told TechCrunch in a statement that SonicWall allegedly failed to secure its backup service, which caused the company to suffer “significant reputational, operational, and financial harm.”
News of the lawsuit comes weeks after TechCrunch reported that Marquis was planning to seek compensation from SonicWall. The Plano, Texas-based fintech giant had told its customers that it blamed SonicWall for allowing hackers to steal sensitive information about customer firewall configuration files, including its own.
“SonicWall allowed a threat actor to obtain the keys to bypass that line of defense and walk right into Marquis’s internal network, the very thing that SonicWall’s firewall was supposed to prevent,” reads the complaint.
Firewalls are meant to prevent unauthorized access to a company’s network, but Marquis alleges that the hackers who scrambled its network with ransomware used information stolen from SonicWall about how its customers configure their firewalls, including emergency passcodes (known as scratch codes) that allowed access to Marquis’ internal network.
Marquis, which allows hundreds of banks and credit unions to visualize their customers’ data, said the hackers took “personally identifiable information concerning customers of some of Marquis’s financial institution clients” in its cyberattack.
The stolen data includes customer names, dates of birth, postal addresses, and financial information, including bank account, debit, and credit card numbers, as well as customers’ Social Security numbers
A spokesperson for SonicWall did not immediately comment on the lawsuit.
SonicWall first admitted a breach of its systems in mid-September, in which it said fewer than 5% of its customer firewall configuration backup files were exfiltrated from its storage servers, hosted on Amazon’s cloud and maintained by SonicWall. The firewall maker in October conceded that in fact every customer had their firewall backup files stolen in the breach.
Marquis in December 2025 began notifying affected people that its networks had been breached that August. SonicWall has not said when hackers were first able to gain access to its systems.
It’s not yet clear what caused the breach at SonicWall. In its complaint, Marquis claims SonicWall made a code change to one of its APIs months earlier, in February 2025, that “created a vulnerability exploitable by threat actors.” Marquis said that this bug allowed the hackers to access customer firewall configuration backup files “without proper authentication” by guessing predictable firewall serial numbers.
“While we were able to secure our network and client data quickly, our investigation revealed that our exposure to threat actors was due to SonicWall’s network breach and failure to notify us that our firewall protection was potentially compromised,” Mirchandani, the Marquis CEO, said in a statement shared with TechCrunch.
Mirchandani told TechCrunch that SonicWall has not yet provided any non-public information about the root cause of its breach.
“We hope to learn more through the litigation process,” Mirchandani said.
Marquis still will not say how many individuals are affected by its data breach. According to a listing with the Texas’ attorney general, at least 400,000 people across the U.S. are known to be affected by the fintech giant’s breach.
The number of affected individuals is anticipated to rise as more data breach notifications are filed with various U.S. attorneys general.
#Marquis #sues #firewall #provider #SonicWall #alleges #security #failings #firewall #backup #led #ransomware #attack
