Marquis Sues SonicWall Over Data Breach and Ransomware Attack – Ankor Tech

Fintech giant Marquis has officially filed a lawsuit against its firewall provider, SonicWall, in the U.S. District Court for the Eastern District of Texas. The legal action alleges that a catastrophic security failure within SonicWall’s cloud backup service exposed sensitive configuration data, effectively handing hackers the keys to infiltrate Marquis’ internal network and launch a devastating ransomware attack.

The Core Allegations: How the Defense Failed

The lawsuit, filed this Monday, claims that a 2025 security breach at SonicWall compromised critical data for Marquis and every other customer utilizing the provider’s firewall cloud backup service. According to the complaint, SonicWall’s failure allowed threat actors to bypass primary defenses by utilizing stolen emergency passcodes—or “scratch codes”—derived from the compromised backup files.

Marquis CEO Satin Mirchandani stated that the breach caused “significant reputational, operational, and financial harm” to the firm. The company argues that the very tool designed to block unauthorized access became the primary vector for the attack on its infrastructure.

Data Exposure and Impact on Customers

The consequences of the breach extend far beyond Marquis’ internal systems. As a service provider for hundreds of banks and credit unions, the attack resulted in the theft of highly sensitive personally identifiable information (PII). Exposed data includes:

  • Full customer names and dates of birth
  • Postal addresses
  • Financial details, including bank account, debit, and credit card numbers
  • Social Security numbers

While Marquis has not disclosed the total number of victims, filings with the Texas Attorney General indicate that at least 400,000 individuals across the United States have already been affected, with that number expected to climb as further notifications are processed.

The Technical Root Cause

The lawsuit highlights a specific vulnerability introduced by a code change to one of SonicWall’s APIs in February 2025. Marquis alleges this update created a flaw that permitted unauthorized access to customer backup files by simply guessing predictable firewall serial numbers.

This follows a timeline of shifting admissions from the firewall provider. While SonicWall initially admitted to a breach in mid-September 2025, claiming only 5% of its customer base was impacted, the company later conceded that every single customer had their backup files stolen.
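
The class of flaw alleged above, a backup file selected by serial number alone, is closed by an object-level ownership check, and guessing attempts then show up as denied requests in the audit trail. The sketch below is an added illustration, not SonicWall's code or API: the account names, serial format, data stores and function names are all hypothetical.

```python
from collections import defaultdict

# Constructed sample data: which account registered which firewall serial.
OWNERS = {"SN-0001": "acct-a", "SN-0002": "acct-b", "SN-0003": "acct-c"}
BACKUPS = {sn: f"<config backup for {sn}>" for sn in OWNERS}


def get_backup_vulnerable(account, serial):
    """Weak form: the serial number alone selects the file; the caller is ignored."""
    return BACKUPS.get(serial)


def get_backup_hardened(account, serial, audit):
    """Object-level authorization: the authenticated caller must own the serial.

    Unknown and foreign serials get the same answer (None), so the endpoint
    does not reveal which serial numbers exist. Every decision is audited.
    """
    allowed = account is not None and OWNERS.get(serial) == account
    audit.append((account, serial, allowed))
    return BACKUPS[serial] if allowed else None


def flag_enumeration(audit, threshold=3):
    """Return callers denied on at least `threshold` distinct serials."""
    denied = defaultdict(set)
    for account, serial, allowed in audit:
        if not allowed:
            denied[account].add(serial)
    return sorted((a for a, s in denied.items() if len(s) >= threshold), key=str)


if __name__ == "__main__":
    audit = []
    for sn in ("SN-0001", "SN-0002", "SN-0003", "SN-9999"):
        print(sn, "->", get_backup_hardened("acct-a", sn, audit))
    print("flagged:", flag_enumeration(audit))
```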

Lack of Transparency and Future Litigation

Despite the severity of the incident, Marquis claims that SonicWall has failed to provide non-public information regarding the root cause of the breach. Mirchandani emphasized that the firm intends to use the litigation process to uncover the full extent of the security failures and the timeline of the compromise.

SonicWall has yet to provide an official comment regarding the ongoing lawsuit. As the legal battle unfolds, the case underscores the growing risks associated with third-party cloud service providers and the critical nature of securing firewall configuration backups against sophisticated threat actors.