Fintech giant Marquis is suing firewall provider SonicWall, claiming a previous breach allowed hackers to steal sensitive information about customer firewalls that led to a ransomware attack on Marquis’ network.
The lawsuit, filed on Monday in the US District Court for the Eastern District of Texas, is asking for a jury trial. It claims the 2025 breach at SonicWall “exposed critical security information for Marquis and every customer using SonicWall’s firewall cloud backup service.”
Marquis CEO Satin Mirchandani told TechCrunch in a statement that SonicWall allegedly failed to secure its backup service, which caused the company to suffer “significant reputational, operational and financial damage.”
News of the lawsuit comes weeks after TechCrunch reported that Marquis planned to seek damages from SonicWall. The Plano, Texas-based fintech giant had told its customers that it blamed SonicWall for allowing hackers to steal sensitive information about customer firewall configuration files, including its own.
“SonicWall allowed a threat actor to obtain the keys to bypass this line of defense and directly into Marquis’ internal network, exactly what SonicWall’s firewall was supposed to prevent,” the complaint states.
Firewalls are meant to prevent unauthorized access to a company’s network, but Marquis alleges that the hackers who breached its network with ransomware used information stolen from SonicWall about how its customers configure their firewalls, including emergency passwords (known as scratch codes) that allowed access to Marquis’ internal network.
Marquis, which allows hundreds of banks and credit unions to visualize their customer data, said the hackers obtained “personal information relating to customers of some of Marquis’ financial institution customers” in its cyber attack.
Stolen data includes customer names, dates of birth, mailing addresses and financial information, including bank account, debit and credit card numbers, as well as customer social security numbers
A representative for SonicWall did not immediately comment on the lawsuit.
SonicWall first admitted a breach of its systems in mid-September, in which it said less than 5% of its customer firewall configuration backups had been extracted from its storage servers, hosted in Amazon’s cloud and maintained by SonicWall. The firewall maker in October admitted that in fact every customer firewall backup files were stolen due to the breach.
Marquis in December 2025 began notifying those affected that its networks had been breached in August. SonicWall has not said when hackers were first able to gain access to its systems.
It is not yet clear what caused the breach at SonicWall. In its complaint, Marquis alleges that SonicWall made a code change to one of its APIs months earlier, in February 2025, that “created a vulnerability exploitable by threat actors.” Marquis said this bug allowed hackers to access customer firewall configuration backup files “without proper authentication” by guessing predictable firewall serial numbers.
“While we were able to quickly secure our network and customer data, our investigation revealed that our exposure to threat actors was due to SonicWall’s network breach and failure to alert us that our firewall protection was potentially compromised,” Mirchandani, Marquis’ CEO, said in a statement shared with TechCrunch.
Mirchandani told TechCrunch that SonicWall has yet to release any non-public information about the root cause of its breach.
“We hope to learn more through the court process,” Mirchandani said.
Marquis will not yet say how many people are affected by its data breach. According to a list with the Texas attorney general, at least 400,000 people across the US are known to be affected by the fintech giant’s breach.
The number of people affected is expected to increase as more data breach notifications are submitted to various US attorneys general.
