Marquis Data Breach Linked to SonicWall Hack: Fintech Firm Attributes Breach to Firewall Provider
Published
Key Takeaways
- Vendor Compromise: Fintech firm Marquis attributes its recent data breach to a compromised SonicWall-managed firewall configuration.
- Ransomware Impact: The attack enabled threat actors to bypass network defenses, deploy ransomware, and steal customer data from hundreds of U.S. banks.
- Cloud Vulnerability: Marquis said that a backup of its firewall configuration file stored in SonicWall’s cloud was the vector used to obtain network access credentials.
Fintech company Marquis has officially linked its August 2025 data breach to a security failure at its firewall provider, SonicWall. Marquis, which services hundreds of banks and credit unions across the United States, stated in a customer communication that threat actors utilized credentials obtained from the earlier SonicWall breach to infiltrate its systems.
This unauthorized access facilitated a ransomware attack that exposed sensitive consumer data, including Social Security numbers and financial records.
SonicWall Firewall Hack and Configuration Exposure
The incident centers on a SonicWall firewall hack involving the vendor's cloud backup service. Marquis alleged in an internal memo that threat actors accessed a backup of its firewall configuration file stored in SonicWall's cloud environment, which contained critical network credentials that enabled them to circumvent perimeter defenses.
The memo continued to say that while SonicWall initially reported fewer than 5% of customers were impacted by its own data breach, it later clarified in October 2025 that configuration data for all customers using the cloud backup service had been accessed.
SonicWall spokesperson Bret Fitzgerald said the company is requesting evidence from Marquis to substantiate a direct connection between the two incidents, according to TechCrunch.
“We have no new evidence to establish a connection between the SonicWall security incident reported in September 2025 and ongoing global ransomware attacks on firewalls and other edge devices,” they said.
Supply Chain Risk and Cybersecurity Best Practices
Artisans' Bank and VeraBank confirmed data exposure last month, adding to the tens of impacted entities. As the investigation continues, Marquis indicated it plans to seek recoupment of expenses from the firewall provider.
Organizations should evaluate their internal security posture and the security of their vendors, and how critical infrastructure data, such as firewall configurations, is stored and backed up.
In November, a SitusAMC cyberattack exposed client data of major banks, possibly from JPMorgan Chase, Citi, and Morgan Stanley.
Related
Get expert insights on threats, breaches, scams, and security trends — delivered every Saturday.
Most Popular
Get expert insights on threats, breaches, scams, and security trends — delivered every Saturday.
Most Popular