Legal Battle in Texas: Marquis vs. SonicWall
A significant legal dispute is unfolding in Texas, where fintech company Marquis has initiated a lawsuit against SonicWall, its cloud backup service provider. The crux of the allegation stems from security breaches within SonicWall’s systems, which Marquis claims facilitated a large-scale ransomware attack on its internal network.
Details of the Lawsuit
Filed in the U.S. District Court for the Eastern District of Texas, Marquis is seeking a jury trial against SonicWall. The complaint alleges that a security breach at SonicWall in 2025 compromised essential security information for Marquis and its clients who were using SonicWall’s firewall cloud backup services. This breach reportedly enabled attackers to access sensitive backup files, ultimately leading to unauthorized infiltration of Marquis’ internal systems.
The Exploitation of Firewall Configurations
Firewalls play a crucial role in maintaining the integrity of internal networks by blocking unauthorized access. However, Marquis contends that the attackers utilized the data acquired from SonicWall’s cloud backup service to gain insights into how its customers had configured their firewalls. Such insider knowledge allegedly provided the hackers with the necessary blueprint to circumvent security measures.
The complaint further mentions that important access credentials, known as scratch codes, were part of the stolen information. These codes are designed for urgent administrative use and were reportedly employed by attackers to bypass security protocols and gain entry into Marquis’ network.
“SonicWall permitted a threat actor to secure the means necessary to bypass that line of defense and breach Marquis’s internal network,” the lawsuit states, highlighting the severity of the incident.
The Ransomware Attack
Once attackers gained access to the Marquis network, they reportedly unleashed a ransomware assault that disrupted operations and compromised sensitive data. Marquis, which offers data visualization tools to a range of banks and credit unions, indicated that the Cyberattack resulted in unauthorized access to personally identifiable information (PII) of its customers.
The sensitive data taken in the breach allegedly includes a range of information such as names, birth dates, mailing addresses, along with critical financial details including bank account and credit/debit card numbers. In a further breach of security, social security numbers were also among the information exposed to attackers.
The Scope and Timing of the Data Breach
SonicWall initially acknowledged a breach in September 2025, suggesting that less than 5% of customer firewall configuration backup files had been improperly accessed. However, by October, the company shifted its stance, admitting that the breach had affected all customer firewall backup files.
Marquis began notifying individuals whose information might have been compromised in December 2025, marking the breach’s timeline back to August of that year. Notably, SonicWall hasn’t disclosed when the attackers first infiltrated its systems, raising concerns over how long this vulnerability lingered.
In its legal filing, Marquis points to a code modification made in February 2025 as a potential cause for the exploit. They argue that this change introduced a security flaw allowing attackers to access firewall backup files without the necessary authentication, by simply guessing serial numbers associated with the firewalls.
The Ripple Effect of the Cyber Incident
While Marquis has not confirmed how many individuals have been impacted, records from the Texas attorney general suggest that at least 400,000 people across the United States may be affected. This number could potentially increase as further notifications are processed through other states.
The lawsuit casts a spotlight on SonicWall’s security measures concerning its cloud backup service. Ultimately, it will be up to a jury in the Eastern District of Texas to determine whether the alleged vulnerabilities in SonicWall’s security practices were at the root of the ransomware attack that targeted Marquis.
This unfolding legal case underscores the critical need for robust cybersecurity protocols in an increasingly digital landscape, particularly for companies that handle sensitive customer information.
