Marquis Software Solutions has filed a lawsuit against cybersecurity firm SonicWall, claiming a vulnerability in SonicWall’s cloud backup service led directly to a ransomware attack on its network.
Filed in a Texas federal court, the complaint highlights a massive failure in securing sensitive firewall configuration files.
On August 14, 2025, Marquis experienced a devastating ransomware attack. Threat actors bypassed the company’s perimeter defenses, which were protected by SonicWall firewalls with Multi-Factor Authentication (MFA) enabled.
After investigating, Marquis discovered no unpatched vulnerabilities on their local devices. Instead, they traced the intrusion back to a prolonged security breach within SonicWall’s MySonicWall cloud infrastructure.
The API Flaw and Exposed MFA Codes
According to the lawsuit, SonicWall introduced a code change to its Application Programming Interface (API) in February 2025.
This change created a vulnerability that allowed anyone to download customer firewall backup files by guessing predictable device serial numbers. No passwords or authentication checks were required to access this data.
The exposed configuration backups contained highly sensitive network details. Most alarmingly, they included unencrypted MFA scratch codes, usernames, SSL certificates, and local firewall passwords.
By stealing these unencrypted MFA codes, cybercriminals easily bypassed the two-factor authentication defenses protecting Marquis’s network.
According to Documentcloud, SonicWall allegedly failed to detect this cloud breach for several months, only noticing suspicious activity in September 2025.
Marquis alleges that SonicWall initially downplayed the severity of the incident. SonicWall first claimed the breach only impacted 5% of its firewalls, leading Marquis to believe its devices were safe.
It was not until October 2025 that SonicWall admitted the backup files of every single customer using the cloud service had been exposed to cybercriminals.
Due to the breach, Marquis is now defending against more than 30 consumer class action lawsuits and a commercial lawsuit for trade secret misappropriation.
The company has also suffered lost business, terminated contracts, and reputational damage in the banking industry.
Marquis is accusing SonicWall of negligence, gross negligence, and unjust enrichment, seeking full reimbursement for damages.
The lawsuit emphasizes that SonicWall failed to follow basic industry best practices.
Marquis argues that leaving MFA scratch codes unencrypted violates security guidelines set by the National Institute of Standards and Technology (NIST) and the Cybersecurity and Infrastructure Security Agency (CISA).
By failing to monitor its own cloud network, SonicWall compromised the internal networks of businesses relying on its protection.
Follow us on Google News, LinkedIn, and X to Get Instant Updates and Set GBH as a Preferred Source in Google.
