The fintech powerhouse Marquis has initiated legal proceedings against its firewall service provider SonicWall, asserting that a previous breach facilitated hackers in stealing sensitive data related to customer firewalls, culminating in a ransomware incident affecting Marquis’ infrastructure.

The legal action, lodged on Monday in the U.S. District Court for the Eastern District of Texas, calls for a jury trial. It asserts that the 2025 compromise at SonicWall “revealed vital security information for Marquis and all clients utilizing SonicWall’s firewall cloud backup service.”

Satin Mirchandani, Marquis’ CEO, informed TechCrunch in a statement that SonicWall purportedly neglected to safeguard its backup service, leading to “significant damage to reputation, operations, and finances” for the company.

The announcement of the lawsuit follows weeks after TechCrunch disclosed that Marquis intended to pursue restitution from SonicWall. The fintech giant, based in Plano, Texas, had communicated to its clientele that it held SonicWall accountable for the breach that allowed hackers to exfiltrate sensitive data about customer firewall configuration files, including its own.

“SonicWall permitted a threat actor to acquire the means to circumvent that protective barrier and gain access to Marquis’s internal network, precisely what SonicWall’s firewall was designed to prevent,” the complaint states.

Firewalls are designed to block unauthorized access to corporate networks, but Marquis contends that the ransomware incident was caused by hackers utilizing information stolen from SonicWall regarding customer firewall configurations, including emergency access codes (referred to as scratch codes) that granted entry to Marquis’ internal network.

Marquis, which enables numerous banks and credit unions to analyze their customers’ data, indicated that the hackers acquired “personally identifiable information related to customers of several of Marquis’s financial institution clients” during the cyberattack.

The compromised information encompasses customer names, birthdates, residential addresses, and financial data, including bank account, debit, and credit card numbers, as well as Social Security numbers of the customers.

A representative from SonicWall has not yet responded to inquiries regarding the lawsuit.

SonicWall first acknowledged a breach in its systems in mid-September, claiming that less than 5% of its customer firewall configuration backup files had been exfiltrated from its storage servers, which are hosted on Amazon’s cloud and managed by SonicWall. In October, the firewall manufacturer admitted that in fact every customer had their firewall backup files compromised in the breach.

In December 2025, Marquis began alerting those affected that its networks had been infiltrated the previous August. SonicWall has not disclosed when hackers first gained entry to its systems.

The exact cause of the breach at SonicWall remains uncertain. Marquis asserts in its complaint that SonicWall altered the code in one of its APIs months prior, in February 2025, which “introduced a vulnerability that could be exploited by threat actors.” Marquis claims this flaw enabled hackers to access customer firewall configuration backup files “without appropriate authentication” by predicting firewall serial numbers.

“Although we swiftly managed to secure our network and client data, our investigation indicated that our exposure to threat actors resulted from SonicWall’s network breach and its failure to inform us that our firewall defenses were possibly compromised,” stated Mirchandani, the CEO of Marquis, in a statement provided to TechCrunch.

Mirchandani mentioned to TechCrunch that SonicWall has yet to supply any non-public insights regarding the root cause of its breach. 

“We anticipate learning more through the legal proceedings,” remarked Mirchandani.

Marquis has not disclosed the number of individuals impacted by its data breach. A record with Texas’ attorney general shows that at least 400,000 individuals across the U.S. are confirmed to be affected by the fintech giant’s breach. 

The total number of affected individuals is expected to grow as additional data breach notifications are submitted to various U.S. attorneys general.