Marquis sues SonicWall over backup breach that led to ransomware attack


Marquis Software Solutions has filed a lawsuit against SonicWall, accusing the cybersecurity company of gross negligence and misrepresentation that allegedly led to a ransomware attack disrupting operations at 74 U.S. banks.

On August 14, 2025, hackers breached Marquis’s network in a ransomware attack after compromising a SonicWall firewall. The attacker stole files containing personal information received from business partners.

The details included names, addresses, phone numbers, Social Security numbers, Taxpayer Identification Numbers, and financial account information.

Marquis provides data analytics, CRM tools, compliance reporting, and digital marketing services, with a clientele that includes more than 700 banks, credit unions, and mortgage lenders.

In January 2026, Marquis officially accused SonicWall of security failures after determining that the hackers had not exploited an unpatched flaw in its firewall, as previously assumed. Instead, it was discovered that the attacker leveraged configuration data extracted from the vendor’s cloud backup infrastructure.

The cause of the breach was a security gap that SonicWall introduced in its MySonicWall cloud backup service via an API code change in February 2025.

The vulnerability allowed unauthorized access to firewall configuration backup files stored in SonicWall’s cloud, which contain AES-256 encrypted credentials, configuration data, and MFA scratch codes.

The cybersecurity vendor disclosed the incident only three weeks later and initially estimated it impacted 5% of its customer base, but later confirmed that all clients were impacted.

An investigation from incident response company Mandiant revealed that the attack was carried out by state-sponsored hackers.

Marquis states that at the time of the attack, its SonicWall firewall was up to date, multi-factor authentication (MFA) was enabled, and additional security controls were in place, but the threat actor compromised it using information exposed in the SonicWall cloud backup breach.

When contacted directly by Marquis about the MFA bypass, SonicWall allegedly withheld critical information and ignored the request.

“As a result of SonicWall’s conduct, Marquis has suffered, and continues to suffer, damages; a loss of customers; harm to its business reputation; lost business opportunities, revenue and profit; and substantial diminution in its enterprise value,” Marquis notes in the complaint.

Marquis notes that it is now defending more than 36 consumer class action lawsuits stemming from the ransomware attack it suffered.

For this, Marquis now seeks monetary damages, indemnification, contribution for any judgments in the related class actions, attorneys’ fees, and equitable relief.
