Fintech firm Marquis told customers that it plans to seek compensation from its firewall provider after blaming the company for a breach that allowed hackers to steal its customers’ personal and financial data.
In a memo shared with customers this week and seen by TechCrunch, Marquis said it believes that its August 2025 ransomware attack happened because the company’s firewall service provider SonicWall had its own data breach that exposed critical security information about its customers’ firewalls. That earlier breach of SonicWall allowed hackers to obtain credentials needed to launch a ransomware attack against Marquis, the memo said.
Marquis said its third-party investigation determined that the hackers obtained information about its firewall during the breach at SonicWall, which Marquis claims was used to circumvent its firewall. Marquis confirmed in the communication that it stored a backup of its firewall configuration file in SonicWall’s cloud.
The company was “evaluating its options” regarding its firewall provider, including the “recoupment of any expenses spent by Marquis and its customers in responding to the data incident,” according to the memo.
When reached for comment, Hanna Grimm, an agency spokesperson representing Marquis, did not address or dispute the company’s recent communication to customers, but reiterated the claim linking its breach with an earlier theft of its firewall configuration.
“In September 2025, after the data security incident affected our systems, our firewall service provider, an industry-leading cybersecurity company, publicly disclosed that a threat actor had earlier in the year gained unauthorized access to its cloud backup service,” the statement said.
“Marquis had recently begun using this provider’s firewalls to help protect our network,” the statement added. “While the provider initially reported that fewer than 5% of customers were affected, it later clarified in October 2025 that firewall configuration data and credentials associated with all customers using the cloud backup service, including Marquis, had been accessed.”
When contacted by TechCrunch, SonicWall spokesperson Bret Fitzgerald said that the company has asked Marquis for evidence to substantiate its claims and said it would continue to engage with its customer.
“We have no new evidence to establish a connection between the SonicWall security incident reported in September 2025 and ongoing global ransomware attacks on firewalls and other edge devices,” Fitzgerald said.
The Texas-based Marquis, which allows hundreds of banks and credit unions to visualize their customers’ data, began notifying hundreds of thousands of people last month that their information was taken during its ransomware attack.
The company has access to large amounts of data belonging to consumer banking customers across the U.S., including personal information, financial data, and Social Security numbers, which the hackers stole.
SonicWall conceded in October that an earlier breach of its systems had in fact affected all of its customers who backed up their firewall files to SonicWall’s cloud. It had previously said hackers stole only a fraction of its customers’ firewall configuration files containing policies and settings.
In the communication seen by TechCrunch, Marquis said it called in a third party to investigate whether a patch it had failed to roll out at the time of the breach could have been to blame, but concluded that the patch related to a flaw that was not exploitable in a way that could have allowed hackers to access the company’s data.
Marquis’ spokesperson declined to say how many individuals are affected by its data breach. The number of individuals known to be affected by the breach is expected to rise as new data breach notifications are submitted to state attorneys general.
Do you know more about the Marquis data breach? Do you work at Marquis or a company affected by the breach? We would love to hear from you. To securely contact this reporter, you can reach out using Signal via the username: zackwhittaker.1337


