Marquis, a prominent player in the fintech sector, has informed its clients of its intention to seek compensation from its firewall provider following a data breach that compromised personal and financial information.
In a recent memo shared with clients and reviewed by TechCrunch, Marquis indicated that it believes the ransomware attack in August 2025 was a result of a prior data breach at SonicWall, its firewall service provider. This incident allegedly exposed vital security details regarding the firewalls used by Marquis, facilitating the hackers' access to the system.
According to the findings of an independent investigation, the attackers reportedly acquired information about Marquis's firewall during the SonicWall breach. This information was then utilized to bypass Marquis's security measures. The company also confirmed that it had stored a backup of its firewall configuration file within SonicWall's cloud infrastructure.
Marquis is currently exploring various options concerning its firewall provider, including the potential recovery of costs incurred by both the company and its clients in response to this data breach.
When asked for comments, Hanna Grimm, a spokesperson for Marquis, did not dispute the company's statements but reiterated the connection between its breach and the earlier incident involving firewall configuration theft.
In September 2025, following the security incident, SonicWall publicly acknowledged that a threat actor had gained unauthorized access to its cloud backup service earlier in the year. Marquis had recently begun utilizing SonicWall's firewalls to enhance its network security.
Initially, SonicWall reported that less than 5% of its customers were affected, but later clarified in October 2025 that the firewall configuration data and credentials of all customers using the cloud backup service, including Marquis, had been compromised.
In response to inquiries from TechCrunch, SonicWall spokesperson Bret Fitzgerald stated that the company has requested evidence from Marquis to support its claims and will continue to communicate with its client.
Fitzgerald added, "We have no new evidence to establish a connection between the SonicWall security incident reported in September 2025 and ongoing global ransomware attacks on firewalls and other edge devices."
Marquis, based in Texas, serves numerous banks and credit unions by providing insights into customer data. The firm began notifying hundreds of thousands of individuals last month about the data that was compromised during the ransomware attack.
The company manages extensive amounts of consumer banking data across the U.S., including personal information, financial records, and Social Security numbers, all of which were stolen during the breach.
SonicWall later acknowledged that its previous breach had indeed affected all customers who backed up their firewall configurations to its cloud service. Initially, the company claimed that hackers had only accessed a small portion of customer firewall configuration files.
In the memo reviewed by TechCrunch, Marquis mentioned that it had engaged a third-party to investigate whether a missed patch at the time of the breach could have contributed to the incident. However, it concluded that the patch pertained to a vulnerability that could not have been exploited to access the company's data.
Marquis's spokesperson did not disclose the number of individuals affected by the data breach. As new notifications of the breach are submitted to state attorneys general, the number of impacted individuals is expected to increase.
If you have more information regarding the Marquis data breach or are affiliated with the company or its clients, we invite you to share your insights. To securely contact this reporter, please reach out via Signal using the username: zackwhittaker.1337