Marquis sues SonicWall over ransomware breach

Marquis, a Plano, Texas-based fintech that provides data-visualisation services to banks and credit unions, has sued firewall vendor SonicWall in US federal court, alleging that SonicWall’s own breach gave ransomware attackers the keys to enter Marquis’ network.

The complaint, filed in the US District Court for the Eastern District of Texas, seeks a jury trial and argues that SonicWall’s firewall cloud backup service exposed “critical security information” for Marquis and other customers. According to TechCrunch, Marquis says attackers used stolen firewall configuration files — including emergency access “scratch codes” — to bypass the perimeter controls the firewall was supposed to enforce.

The lawsuit turns a familiar cyber incident into a dispute over responsibility. SonicWall disclosed a breach in mid-September 2025 and initially said fewer than 5% of customer firewall configuration backup files had been taken from storage servers hosted on Amazon’s cloud. In October, SonicWall conceded that, in fact, every customer’s firewall backup files had been stolen, according to TechCrunch.

Marquis began notifying affected individuals in December that its own network had been breached in August 2025. The company says the data taken in the attack included names, dates of birth, postal addresses and financial information such as bank account and payment card numbers, as well as Social Security numbers. A filing referenced by TechCrunch indicates at least 400,000 people are known to be affected in Texas alone, with the total expected to rise as more notifications are filed.

Marquis claims SonicWall introduced an exploitable vulnerability with a February 2025 API code change that allowed attackers to access customer firewall backups “without proper authentication” by guessing predictable firewall serial numbers. Marquis’ CEO Satin Mirchandani said SonicWall has not provided non-public details about the breach’s root cause, and that Marquis hopes to learn more through litigation.

For the industry, the case is a reminder that cybersecurity is increasingly being priced like a product warranty: not just “best practice” checklists, but contracts, disclosure duties and damages. If a vendor’s compromise can leak configuration files and recovery codes at scale, the downstream losses are no longer abstract — they are reputational harm, operational disruption, and class-action exposure that can be itemised.

The suit also arrives as cyber insurance has tightened underwriting and as corporate buyers demand clearer liability terms from security vendors. A firewall is sold as a boundary; Marquis is arguing that SonicWall’s backup system turned that boundary into a shared point of failure.

SonicWall has not yet publicly responded to the specific allegations in the lawsuit. Marquis’ filing asks a Texas jury to decide whether a security product that can be bypassed using vendor-leaked configuration data was ever providing the protection it was marketed to deliver.