Marquis sues SonicWall over backup breach that led to ransomware attack
Source: Bleeping Computer
Marquis Software Solutions Sues SonicWall
Marquis Software Solutions has filed a lawsuit against SonicWall, accusing the cybersecurity company of gross negligence and misrepresentation that allegedly led to a ransomware attack disrupting operations at 74 U.S. banks.
Breach Timeline
- August 14, 2025 – Hackers breached Marquis’s network in a ransomware attack after compromising a SonicWall firewall.
- January 2026 – Marquis publicly accused SonicWall of security failures, stating that the attackers did not exploit an unpatched firewall flaw but instead used configuration data extracted from SonicWall’s cloud backup service.
- Three weeks after the breach – SonicWall disclosed the incident, initially estimating impact on 5 % of its customers, later confirming that all clients were impacted.
Technical Details of the Attack
-
The breach originated from a security gap introduced in SonicWall’s MySonicWall cloud backup service via an API code change in February 2025.
-
The vulnerability granted unauthorized access to firewall configuration backup files stored in the cloud. These backups contain:
- AES‑256 encrypted credentials
- Configuration data
- MFA scratch codes
-
Despite having an up‑to‑date firewall, enabled multi‑factor authentication (MFA), and additional security controls, Marquis’s firewall was compromised using the exposed backup data.
SonicWall’s Disclosure and Response
- SonicWall initially reported that only 5 % of its customer base was affected.
- The company later revised this estimate, stating that all clients were impacted by the breach.
- When Marquis contacted SonicWall about the MFA bypass, the vendor allegedly withheld critical information and ignored the request.
Investigation Findings
- An investigation by incident response firm Mandiant determined that the attack was carried out by state‑sponsored hackers (source).
Legal Claims
- Marquis is defending more than 36 consumer class‑action lawsuits stemming from the ransomware attack.
- The complaint seeks:
- Monetary damages
- Indemnification
- Contribution for any judgments in the related class actions
- Attorneys’ fees
- Equitable relief
“As a result of SonicWall’s conduct, Marquis has suffered, and continues to suffer, damages; a loss of customers; harm to its business reputation; lost business opportunities, revenue and profit; and substantial diminution in its enterprise value,” Marquis notes in the complaint.
About Marquis
Marquis provides data analytics, CRM tools, compliance reporting, and digital marketing services to a clientele that includes more than 700 banks, credit unions, and mortgage lenders.
