A fintech data breach just turned into a high-stakes blame game. Texas-based Marquis is preparing to seek compensation from its firewall provider SonicWall after a third-party investigation linked an August 2025 ransomware attack to an earlier breach at the security vendor. The attack exposed personal and financial data belonging to hundreds of thousands of banking customers across the U.S., and Marquis says it happened because hackers stole its firewall configuration from SonicWall's compromised cloud backup service. Now the company wants SonicWall to foot the bill.
Marquis, a fintech firm serving hundreds of banks and credit unions, just fired a warning shot at the cybersecurity industry. In a memo shared with customers this week and obtained by TechCrunch, the Texas-based company said it's evaluating legal options against firewall provider SonicWall after determining that a breach at the security vendor enabled hackers to ransomware its systems last August.
The attack exposed a trove of sensitive data - personal information, financial records, and Social Security numbers belonging to consumer banking customers across the United States. But Marquis says the real culprit wasn't a flaw in its own defenses. According to the company's third-party investigation, hackers obtained credentials and configuration details about Marquis' firewall during an earlier breach at SonicWall's cloud backup service, then used that intel to circumvent the company's security and launch their ransomware attack.
"We believe that its August 2025 ransomware attack happened because the company's firewall service provider SonicWall had its own data breach that exposed critical security information about its customers' firewalls," Marquis told customers in the memo. The company confirmed it had stored a backup of its firewall configuration file in SonicWall's cloud - a standard practice that turned into a liability when that cloud environment got compromised.
Marquis is now "evaluating its options" regarding its firewall provider, including the "recoupment of any expenses spent by Marquis and its customers in responding to the data incident." That's corporate-speak for: we're coming after you for damages.
The timing reveals a messy supply chain breach that unfolded in stages. SonicWall initially disclosed in September 2025 that hackers had gained unauthorized access to its cloud backup service, claiming fewer than 5% of customers were affected. But the company backtracked in October, admitting that firewall configuration data and credentials for all customers using the cloud backup service - including Marquis - had been accessed. That revision came after Marquis had already begun notifying hundreds of thousands of individuals about its own breach, which started in August.
When reached for comment, Hanna Grimm, a spokesperson representing Marquis, didn't dispute the customer communication but doubled down on the link between the two incidents. "Our firewall service provider, an industry-leading cybersecurity company, publicly disclosed that a threat actor had earlier in the year gained unauthorized access to its cloud backup service," the statement said. "Marquis had recently begun using this provider's firewalls to help protect our network."
SonicWall isn't buying it. Company spokesperson Bret Fitzgerald told TechCrunch that the security vendor has asked Marquis for evidence to back up its claims. "We have no new evidence to establish a connection between the SonicWall security incident reported in September 2025 and ongoing global ransomware attacks on firewalls and other edge devices," Fitzgerald said, suggesting Marquis might be one of many victims trying to pin blame on a convenient scapegoat.
The dispute highlights a thorny question facing the enterprise security industry: when a vendor's breach enables attacks on its customers, who's liable? Marquis processes and visualizes banking data for hundreds of financial institutions, giving it access to massive amounts of consumer information. When that data got stolen, the company faced notification obligations, potential regulatory scrutiny, and reputational damage. Now it wants to pass those costs back up the supply chain.
Marquis said it brought in a third party to investigate whether its own security practices were to blame. The company had failed to roll out a patch at the time of the breach, raising questions about whether that unpatched vulnerability gave hackers their opening. But the investigation concluded that the patch addressed a flaw that "was not exploitable in a way that could have allowed hackers to access the company's data," according to the memo seen by TechCrunch.
That finding shifts responsibility squarely onto SonicWall - at least in Marquis' telling. The fintech firm says hackers needed inside knowledge of its firewall configuration to pull off the attack, and the only place that information existed outside its own network was in SonicWall's compromised cloud backup.
The breach count keeps climbing. Marquis began notifying hundreds of thousands of people in December about the August incident, but the company's spokesperson declined to provide a total number of affected individuals. New data breach notifications continue to be filed with state attorneys general, suggesting the final tally could stretch into the millions once all the banks and credit unions connected to Marquis complete their assessments.
The case could become a test of vendor accountability in an era of cascading supply chain breaches. Security providers sell trust - the promise that their products will protect customer networks rather than become the weak link. When that trust breaks down, as Marquis alleges happened here, customers want more than an apology. They want compensation for the mess left behind.
This isn't just a dispute between two companies - it's a preview of how cybersecurity liability battles will play out as supply chain breaches become the norm. If Marquis succeeds in proving that SonicWall's breach directly enabled the attack on its systems, it could establish precedent for vendors being held financially responsible when their security failures cascade to customers. That would reshape how enterprise security contracts are written and how much insurance coverage vendors need to carry. For now, hundreds of thousands of banking customers are left wondering how their financial data ended up in hackers' hands because of a breach two companies removed from where they do their banking.
