Fintech company Marquis has initiated a lawsuit against its firewall provider, SonicWall, in the U.S. District Court for the Eastern District of Texas. The complaint, filed on Monday, accuses SonicWall of negligence for a breach that reportedly exposed essential security information related to customer firewall configurations. This breach is claimed to have facilitated a ransomware attack on Marquis’ network in 2025, causing significant reputational, operational, and financial damages, as stated by Marquis’ CEO, Satin Mirchandani.
The lawsuit seeks a jury trial and alleges that SonicWall’s failure to secure its backup service led to the theft of sensitive firewall configuration details by hackers, including emergency passcodes that enabled unauthorized access to Marquis’ internal network. Marquis serves numerous banks and credit unions, which means the breach not only impacted their systems but also compromised customer data, encompassing personally identifiable information such as names, dates of birth, addresses, and financial details.
SonicWall initially reported a breach in mid-September, claiming that less than 5% of its customers’ firewall configuration files were compromised. However, by October, it acknowledged that every customer had experienced data theft. Marquis began notifying victims of the breach in December 2025 but has not disclosed the exact number of affected individuals, although reports indicate at least 400,000 people across the United States may be involved.
The lawsuit indicates that a code change made by SonicWall to its API in February 2025 created a significant vulnerability, allowing unauthorized access to the firewall configuration files without proper authentication. Mirchandani indicated a hope to uncover more information about the breach through the litigation process, asserting that SonicWall has yet to provide detailed insight into the incident’s root cause.
As the lawsuit unfolds, the number of impacted individuals could increase further as Marquis continues its notifications to various state attorney generals. The implications of this case highlight the potential risks associated with third-party service providers in the tech industry, making it essential for companies to ensure robust security measures are in place to protect sensitive customer information.
Fanpage: TechArena.au
Watch more about AI – Artificial Intelligence
