Fintech firm Marquis blames hacking on firewall provider SonicWall for data breach
Fintech firm Marquis has told clients it plans to seek compensation from its firewall provider after it accused the company of breaching a law that allowed hackers to steal its customers’ personal and financial information.
In a memo shared with clients this week and seen by TechCrunch, Marquis said it believes its August 2025 ransomware attack happened because the company’s firewall service provider SonicWall had a data breach that exposed critical security information about its customers’ firewalls. That previous SonicWall breach allowed hackers to obtain the credentials needed to launch a ransomware attack against Marquis, the memo said.
Marquis said its third-party investigation found that the hackers obtained information about its firewall during the hack into SonicWall, which Marquis says was used to bypass its firewall. Marquis confirmed in a social media post that it has backed up its firewall configuration file to the SonicWall cloud.
The company is “continuing to evaluate its options” regarding its firewall provider, including “reimbursement of any costs incurred by Marquis and its customers in responding to the data incident,” according to the memo.
When reached for comment, Hanna Grimm, a spokeswoman for the agency representing Marquis, did not comment or dispute the company’s recent communications with customers but reiterated the claim linking its breach to the previous theft of its firewall configuration.
“In September 2025, after a data security incident affected our systems, our firewall service provider, a leading company in the cybersecurity industry, publicly disclosed that a threat actor had gained unauthorized access to its cloud storage service,” the statement said.
“Marquis has recently started using this provider’s shortcuts to help protect our network,” the statement said. “While the provider initially reported that less than 5% of customers were affected, it later clarified in October 2025 that firewall configuration data and information associated with all customers using the cloud support service, including Marquis, were accessed.”
When contacted by TechCrunch, SonicWall spokesperson Bret Fitzgerald said the company has asked Marquis for evidence to verify its claims and said it will continue to communicate with its customer.
“We have no new evidence to establish a connection between the SonicWall security incident reported in September 2025 and worldwide ransomware attacks on firewalls and other devices,” Fitzgerald said.
Texas-based Marquis, which allows hundreds of banks and credit unions to visualize their customer data, began notifying hundreds of thousands of people last month that their information was taken during a ransomware attack.
The company has access to large amounts of consumer banking customer data across the US, including personal information, financial data, and Social Security numbers, which were stolen by hackers.
SonicWall admitted in October that an earlier breach of its systems actually affected all of its customers who backed up their firewall files in SonicWall’s cloud. It previously said hackers stole only a small portion of its customers’ firewall configuration files that contain policies and settings.
In an interview seen by TechCrunch, Marquis said he called someone else to investigate whether the patch he failed to release at the time of the breach could have been responsible but concluded that the patch related to the feature was not usable in a way that would have allowed hackers to access company information.
A spokesperson for Marquis declined to provide a number on how many people were affected by its data breach. The number of people known to be affected by the breach is expected to rise as new data breach notifications are sent to federal prosecutors.
Do you know more about the Marquis data breach? Do you work for Marquis or a company affected by the breach? We would love to hear from you. To securely communicate with this reporter, you can access Signal using the username zackwhittaker.1337
