Marquis sues firewall provider SonicWall, alleges security failings with its firewall backup led to ransomware attack

Fintech giant Marquis is suing its firewall provider SonicWall. The lawsuit claims an earlier breach at SonicWall allowed hackers to steal sensitive information about customer firewalls, which then led to a ransomware attack on Marquis’s own network.

The legal complaint was filed in the U.S. District Court for the Eastern District of Texas and seeks a jury trial. It states the 2025 breach at SonicWall exposed critical security information for Marquis and every customer that used SonicWall’s firewall cloud backup service.

Marquis’s chief executive, Satin Mirchandani, stated that SonicWall allegedly failed to secure its backup service, causing Marquis to suffer significant reputational, operational, and financial harm. The lawsuit follows earlier reports that Marquis was planning to seek compensation from SonicWall.

The Plano, Texas-based fintech giant had informed its customers that it blamed SonicWall for allowing hackers to steal sensitive firewall configuration files. The complaint states that SonicWall allowed a threat actor to obtain the keys to bypass its defenses and walk right into Marquis’s internal network, which is the very thing the firewall was supposed to prevent.

Firewalls are designed to block unauthorized network access, but Marquis alleges the hackers used information stolen from SonicWall about how customers configure their firewalls. This included emergency passcodes, known as scratch codes, that granted access to Marquis’s internal network to deploy ransomware.

Marquis, which provides data visualization services to hundreds of banks and credit unions, said the hackers took personally identifiable information concerning customers of some of its financial institution clients during the cyberattack. The stolen data includes customer names, dates of birth, postal addresses, and financial information such as bank account, debit card, and credit card numbers, as well as Social Security numbers.

A spokesperson for SonicWall did not immediately comment on the lawsuit. SonicWall first admitted to a breach of its systems in mid-September, initially stating that fewer than 5% of customer firewall configuration backup files were taken from its storage servers hosted on Amazon’s cloud. By October, the firewall maker conceded that in fact every customer had their firewall backup files stolen in the breach.

Marquis began notifying affected people in December 2025 that its networks had been breached the previous August. SonicWall has not said when hackers first gained access to its systems.

The root cause of the breach at SonicWall is not yet clear. In its complaint, Marquis claims SonicWall made a code change to one of its APIs in February 2025 that created a vulnerability exploitable by threat actors. Marquis said this bug allowed hackers to access customer firewall configuration backup files without proper authentication by guessing predictable firewall serial numbers.

The Marquis CEO stated that while the company secured its network and client data quickly, its investigation revealed the exposure was due to SonicWall’s network breach and failure to notify Marquis that its firewall protection was potentially compromised. Mirchandani also told TechCrunch that SonicWall has not provided any non-public information about the root cause of its breach and that Marquis hopes to learn more through the litigation process.

Marquis still will not say how many individuals are affected by its data breach. According to a listing with the Texas attorney general, at least 400,000 people across the U.S. are known to be affected. The number of affected individuals is anticipated to rise as more data breach notifications are filed with various state authorities.