Fintech company Marquis told customers it plans to seek compensation from its firewall provider for a breach that allowed hackers to steal customers' personal and financial data.
In a memo shared with customers this week seen by TechCrunch, Marquis said he believes the August 2025 ransomware attack occurred because SonicWall, the company's firewall service provider, suffered its own data breach that exposed critical security information about customers' firewalls. The memo states that a previous SonicWall breach allowed hackers to obtain the credentials needed to launch a ransomware attack against Marquis.
Marquis said a third-party investigation found that hackers obtained information about its firewall during the SonicWall breach, which Marquis claims was used to circumvent the firewall. In the communication, Marquis acknowledged that he stores backups of firewall configuration files in the SonicWall cloud.
The memo said the company is “considering options” regarding firewall providers, including “recovering costs incurred by Marquis and its customers in responding to data incidents.”
When asked for comment, Hannah Grimm, a spokeswoman for the agency representing Marquis, did not discuss or dispute the company's recent customer communications, but reiterated the company's claims linking the company's breach to previous thefts of firewall configurations.
“After a data security incident impacted our systems in September 2025, our firewall service provider, an industry-leading cybersecurity company, disclosed that a threat actor gained unauthorized access to its cloud backup service earlier this year,” the statement said.
“Marquis recently began using this provider's firewall to protect our network,” the statement added. “While the provider initially reported that fewer than 5% of its customers were affected, it later disclosed in October 2025 that firewall configuration data and credentials associated with all customers using its cloud backup service, including Marquis, had been accessed.”
In an interview with TechCrunch, SonicWall spokesperson Brett Fitzgerald said the company has asked Marquis for evidence to support its claims and will continue to engage with customers.
“There is no new evidence establishing a connection between the SonicWall security incident reported in September 2025 and the ongoing global ransomware attacks on firewalls and other edge devices,” Fitzgerald said.
Texas-based Marquis, which gives hundreds of banks and credit unions visibility into their customer data, last month began notifying hundreds of thousands of people that their information had been stolen during a ransomware attack.
The company has access to large amounts of data belonging to consumer banking customers across the United States, including personal information, financial data, and Social Security numbers that the hackers stole.
SonicWall acknowledged in October that a previous system breach had indeed affected all customers who had backed up their firewall files to SonicWall's cloud. The company previously said the hackers stole only some of its customers' firewall configuration files, including policies and settings.
In a communication seen by TechCrunch, Marquis said it brought in a third party to investigate whether a patch that failed to deploy at the time of the breach could be the culprit, and concluded that the patch is related to a flaw that cannot be exploited in a way that would allow hackers to access the company's data.
A Marquis spokesperson declined to say how many individuals were affected by the data breach. The number of individuals known to be affected by this breach is expected to further increase as new data breach notifications are filed with state attorneys general.
Do you know more about the Marquis data breach? Do you work for Marquis or a company affected by the breach? We'd love to hear from you. To contact this reporter securely, you can do so using Signal via username zackwhittaker.1337.