Fintech giant Marquis is suing its firewall provider SonicWall, saying a previous breach at SonicWall allowed hackers to steal sensitive information about customers' firewalls, which led to a ransomware attack on Marquis' network.
The lawsuit was filed Monday in the U.S. District Court for the Eastern District of Texas and seeks a jury trial. The company claims that the 2025 SonicWall breach “exposed critical security information for Marquis and all customers who used SonicWall's firewall cloud backup service.”
Marquis CEO Satin Mirchandani told TechCrunch that SonicWall's alleged failure to ensure the security of its backup services caused the company “significant reputational, operational, and financial harm.”
News of the lawsuit comes weeks after TechCrunch reported that Marquis planned to sue SonicWall for damages. The Plano, Texas-based fintech giant told customers that SonicWall was responsible for allowing hackers to steal confidential information about its customers' firewall configuration files, including Marquis' own.
“SonicWall allowed the attacker to bypass its defense lines and obtain the keys to directly penetrate Marquis' internal network, which is exactly what SonicWall's firewalls are supposed to prevent,” the complaint states.
Firewalls are intended to prevent unauthorized access to a company's network, but Marquis claims that the hackers who scrambled its network with ransomware used information stolen from SonicWall about how customers' firewalls were configured, including emergency passcodes (known as scratch codes) that allowed access to Marquis' internal networks.
Marquis, which provides visibility into customer data to hundreds of banks and credit unions, said the hackers “obtained personal information about customers of some of Marquis' financial institutions” in the cyberattack.
The stolen data includes customer names, dates of birth, addresses, and financial information such as bank accounts and debit and credit card numbers, as well as customers' Social Security numbers.
A SonicWall spokesperson did not immediately comment on the lawsuit.
SonicWall first acknowledged the system breach in mid-September, announcing that less than 5% of its customers' firewall configuration backup files had been compromised on storage servers hosted on Amazon's cloud and managed by SonicWall. The firewall maker admitted in October that, in fact, all of its customers had their firewall backup files stolen in the breach.
Marquis began notifying affected people in December 2025 that its network had been compromised in August of that year. SonicWall did not say when the hackers first gained access to its systems.
The cause of the SonicWall breach is not yet clear. Marquis alleges in its complaint that SonicWall made a code change to one of its APIs several months earlier, in February 2025, that “created a vulnerability that could be exploited by threat actors.” The bug allowed hackers to access backup files of customers' firewall configurations “without proper authentication” by guessing predictable firewall serial numbers, Marquis said.
“While we were able to quickly secure our network and client data, our investigation revealed that our exposure to threat actors was due to a breach of our SonicWall network and our failure to notify us that our firewall protections could be compromised,” Marquis CEO Mirchandani said in a statement shared with TechCrunch.
Mirchandani told TechCrunch that SonicWall has not yet provided any non-public information regarding the root cause of the breach.
“We hope to learn more through the litigation process,” Mirchandani said.
Marquis has not yet disclosed the number of individuals affected by the data breach. At least 400,000 people nationwide are known to have been affected by the fintech giant's breach, according to a list from the Texas attorney general.
The number of affected individuals is expected to further increase as more data breach notifications are filed with various attorneys general in the United States.

