A fintech data breach just turned into a high-stakes blame game. Texas-based Marquis is preparing to seek compensation from its firewall provider SonicWall after a third-party investigation linked an August 2025 ransomware attack to an earlier breach at the security vendor. The attack exposed personal and financial data belonging to hundreds of thousands of banking customers across the U.S., and Marquis says it happened because hackers stole its firewall configuration from SonicWall's compromised cloud backup service. Now the company wants SonicWall to foot the bill.
Marquis, a fintech firm serving hundreds of banks and credit unions, just fired a warning shot at the cybersecurity industry. In a memo shared with customers this week and obtained by TechCrunch, the Texas-based company said it's evaluating legal options against firewall provider SonicWall after determining that a breach at the security vendor enabled hackers to ransomware its systems last August.
The attack exposed a trove of sensitive data - personal information, financial records, and Social Security numbers belonging to consumer banking customers across the United States. But Marquis says the real culprit wasn't a flaw in its own defenses. According to the company's third-party investigation, hackers obtained credentials and configuration details about Marquis' firewall during an earlier breach at SonicWall's cloud backup service, then used that intel to circumvent the company's security and launch their ransomware attack.
"We believe that its August 2025 ransomware attack happened because the company's firewall service provider SonicWall had its own data breach that exposed critical security information about its customers' firewalls," Marquis told customers in the memo. The company confirmed it had stored a backup of its firewall configuration file in SonicWall's cloud - a standard practice that turned into a liability when that cloud environment got compromised.
Marquis is now "evaluating its options" regarding its firewall provider, including the "recoupment of any expenses spent by Marquis and its customers in responding to the data incident." That's corporate-speak for: we're coming after you for damages.
