Fintech company Marquis has filed a lawsuit against their firewall provider SonicWall, alleging that a previous breach allowed hackers to access sensitive information on customer firewalls, leading to a ransomware attack on Marquis’ system.
The complaint was submitted on Monday in the U.S. District Court for the Eastern District of Texas and requests a jury trial. It alleges that a 2025 breach at SonicWall “exposed crucial security details for Marquis and every customer of SonicWall’s firewall cloud backup service.”
Marquis CEO Satin Mirchandani informed TechCrunch that SonicWall supposedly failed to secure its backup service, resulting in “significant reputational, operational, and financial damage” for the company.
The lawsuit follows reports from TechCrunch weeks earlier that Marquis intended to seek restitution from SonicWall. Marquis, based in Plano, Texas, had informed its clients it held SonicWall responsible for permitting hackers to steal essential customer firewall configuration information, including Marquis’ own data.
“SonicWall allowed a cyber intruder to obtain keys bypassing defenses and entering Marquis’s network, precisely what SonicWall’s firewall should prevent,” the complaint states.
Firewalls are designed to block unauthorized network access, but Marquis claims hackers who compromised its system used SonicWall’s stolen information on firewall configurations, including emergency passcodes (scratch codes), to penetrate Marquis’ network.
Marquis assists hundreds of banks and credit unions with customer data insights and reported that during the attack, hackers obtained “personally identifiable information about customers of Marquis’s financial institution clients.”
The data taken includes customer names, birthdates, addresses, financial details such as bank, debit, and credit card numbers, and Social Security numbers.
SonicWall’s spokesperson did not immediately respond to the lawsuit.
SonicWall initially acknowledged a system breach in mid-September, admitting that less than 5% of customer firewall configuration backup files were extracted from its servers on Amazon’s cloud. By October, the company conceded that the breach affected every customer’s firewall backup files.
In December 2025, Marquis started notifying those impacted by the August breach. SonicWall has not disclosed when hackers accessed its systems.
The exact cause of SonicWall’s breach is unclear. Marquis alleges in its complaint that a code alteration in SonicWall’s API from February 2025 introduced a bug, exploited by hackers, allowing unauthorized access to firewall backup files by predicting firewall serial numbers.
“We secured our network and client data swiftly, but our inquiry showed that our vulnerability stemmed from SonicWall’s breach and lack of notification on firewall compromise,” stated Mirchandani, Marquis CEO, to TechCrunch.
Mirchandani mentioned that SonicWall has yet to disclose non-public details on the breach’s root cause.
“We aim to ascertain more through the litigation,” Mirchandani conveyed.
Marquis hasn’t specified the precise number of individuals affected by its breach. As per Texas’ attorney general records, at least 400,000 individuals in the U.S. are known to be impacted by Marquis’ breach.
The number of affected people is expected to grow as further data breach notices are submitted to U.S. attorneys general.