Marquis confirms data breach, point finger of blame at SonicWall firewall

News
By published

US fintech firm wants SonicWall to pay for the damages

Digital image of a lock.
Image Credit: Shutterstock (Image credit: Shutterstock)
  • Marquis suffers ransomware attack, losing sensitive customer and financial data
  • Company blames SonicWall breach, though SonicWall denies direct connection
  • Attack linked to Akira, a Russian state-sponsored ransomware group targeting SonicWall systems

Marquis, a US fintech company building software for banks and credit unions, has confirmed suffering a ransomware attack and losing sensitive customer data, but shifted the blame onto its firewall provider, SonicWall.

In mid-September 2025, SonicWall warned its firewall customers to reset their passwords after unnamed threat actors brute-forced their way into the company’s MySonicWall cloud service. This tool allows SonicWall firewall users (typically businesses and IT teams) to back up their firewall configuration files, including network rules and access policies, VPN configurations, service credentials (LDAP, RADIUS, SNMP), or admin usernames and passwords (if stored in config).

At first, SonicWall claimed fewer than 5% of its customer base was affected but later concluded that everyone lost their backups to hackers.

Asking for proof

Now, in a memo shared with its customers, Marquis confirmed to have been among the affected ones, and said it was evaluating its options to have SonicWall compensate for the damages.

SonicWall, on the other hand, hinted that there is no evidence the two breaches are connected:

“We have no new evidence to establish a connection between the SonicWall security incident reported in September 2025 and ongoing global ransomware attacks on firewalls and other edge devices,” SonicWall spokesperson Bret Fitzgerald told TechCrunch.

Marquis’s clients count “hundreds” of banks and credit unions, who use their tools to visualize customer data. When cybercriminals broke in, they stole large amounts of data, including personal information, financial information, and Social Security Numbers (SSN). We don’t know exactly how many customers are affected.

Attack attribution is rather tricky. Back in late September, SonicWall itself said the attack was most likely done by a state-sponsored threat actor but did not name any names. In the meantime, multiple security outlets blamed the Marquis attack on a ransomware operator called Akira, a Russian state-sponsored actor known for targeting SonicWall infrastructure.

Best antivirus software header
The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.