Fintech firm Marquis has told clients it plans to seek compensation from the firewall provider after it accused the company of a breach that allowed hackers to steal its customers’ personal and financial data.
In a note shared with clients this week and seen by TechCrunch, Marquis said it believes the August 2025 ransomware attack happened because the company’s firewall service provider SonicWall had its own data breach that exposed critical security information about its customers’ firewalls. That earlier SonicWall breach allowed hackers to obtain the credentials needed to launch a ransomware attack against Marquis, the memo said.
Marquis said its third-party investigation found that hackers obtained information about its firewall during the SonicWall breach, which Marquis claims was used to bypass its firewall. Marquis confirmed in the communication that he saved a backup copy of the firewall configuration file in the SonicWall cloud.
The company was “evaluating its options” regarding its firewall provider, including “reimbursing any costs incurred by Marquis and its customers in responding to the data incident,” according to the memo.
When reached for comment, Hanna Grimm, a spokeswoman for the company representing Marquis, did not address or dispute the company’s recent communication with customers, but repeated the claim that it links its breach to an earlier theft of its firewall configuration.
“In September 2025, after the data security incident affected our systems, our firewall service provider, a leading cybersecurity company, publicly disclosed that a threat actor had gained unauthorized access to our cloud backup service earlier in the year,” the statement said.
“Marquis had recently begun using this provider’s firewalls to help protect our network,” the statement added. “While the provider initially reported that less than 5% of customers were affected, it later clarified in October 2025 that the data and firewall configuration credentials associated with all customers using its cloud backup service, including Marquis, had been accessed.”
When contacted by TechCrunch, SonicWall spokesman Bret Fitzgerald said the company had asked Marquis for evidence to substantiate its claims and said it would continue to work with its customer.
“We have no new evidence to demonstrate a connection between the SonicWall security incident reported in September 2025 and the ongoing global ransomware attacks on firewalls and other edge devices,” Fitzgerald said.
Texas-based Marquis, which allows hundreds of banks and credit unions to visualize their customer data, began notifying hundreds of thousands of people last month that their information was taken during the ransomware attack.
The company has access to a large amount of data belonging to US consumer banking customers, including personal information, financial data and social security numbers, which the hackers stole.
SonicWall granted in October that a previous breach of its systems had indeed affected all of its customers who backed up their firewall files to the SonicWall cloud. He had previously said hackers stole only a fraction of its customers’ firewall configuration files which contains policies and settings.
In the communication seen by TechCrunch, Marquis said it called in a third party to investigate whether a patch that had not been released at the time of the breach could be to blame, but concluded that the patch associated with a flaw was not exploitable in a way that could allow hackers to access the company’s data.
A Marquis spokesman declined to provide a number on how many people are affected by the data breach. The number of people known to be affected by the breach is expected to rise as new data breach notifications are filed with state attorneys general.
Know more about the Marquis data breach? Do you work for Marquis or a company affected by the breach? We would love to hear from you. To contact this reporter securely, you can contact using Signal via the username zackwhittaker.1337
