Fintech company Marquis has informed its customers that it intends to seek compensation from its firewall provider. The firm blames the provider for a breach that enabled hackers to steal customers’ personal and financial data.
In a memo shared with customers this week, Marquis stated it believes its August 2025 ransomware attack occurred because its firewall service provider, SonicWall, experienced its own data breach. That earlier breach exposed critical security information about customer firewalls. According to the memo, this allowed hackers to obtain credentials needed to launch the ransomware attack against Marquis.
Marquis said a third-party investigation determined the hackers obtained information about its firewall during the SonicWall breach, which Marquis claims was used to circumvent its firewall. The company confirmed it stored a backup of its firewall configuration file in SonicWall’s cloud. Marquis stated it is evaluating its options regarding its firewall provider, including recouping expenses spent by Marquis and its customers in responding to the data incident.
When reached for comment, an agency spokesperson representing Marquis did not address the recent customer communication but reiterated the claim linking its breach to the earlier theft of its firewall configuration. The spokesperson stated that in September 2025, after Marquis’s data security incident, its firewall provider publicly disclosed that a threat actor had earlier gained unauthorized access to its cloud backup service. Marquis had recently begun using this provider’s firewalls. While the provider initially reported fewer than 5% of customers were affected, it later clarified in October 2025 that firewall configuration data and credentials for all customers using the cloud backup service, including Marquis, had been accessed.
When contacted, a SonicWall spokesperson said the company has asked Marquis for evidence to substantiate its claims and will continue to engage with its customer. The spokesperson stated there is no new evidence to establish a connection between the SonicWall security incident reported in September 2025 and ongoing global ransomware attacks on firewalls and other edge devices.
Texas-based Marquis, which allows hundreds of banks and credit unions to visualize their customers’ data, began notifying hundreds of thousands of people last month that their information was taken during the ransomware attack. The company has access to large amounts of data belonging to consumer banking customers across the U.S., including personal information, financial data, and Social Security numbers, which were stolen by the hackers.
SonicWall conceded in October that an earlier breach of its systems had in fact affected all of its customers who backed up their firewall files to its cloud. It had previously said hackers stole only a fraction of its customers’ firewall configuration files containing policies and settings.
In its communication, Marquis said it called in a third party to investigate whether a missing patch could have been to blame for its breach. It concluded that the patch related to a flaw that was not exploitable in a way that could have allowed hackers to access the company’s data.
Marquis’s spokesperson declined to provide a figure for how many individuals are affected by its data breach. The number of individuals known to be affected is expected to rise as new data breach notifications are submitted to state attorneys general.