Marquis Sues SonicWall Over Backup Breach That Triggered Ransomware Attack Affecting 74 Banks

Marquis Software Solutions has filed a lawsuit against cybersecurity vendor SonicWall, alleging that security failures within the vendor’s cloud backup infrastructure enabled a ransomware attack that disrupted operations across 74 U.S. banks. The complaint accuses SonicWall of gross negligence and misrepresentation, marking one of the more consequential legal disputes to emerge from a third-party security breakdown in the financial sector.

The incident dates back to August 14, 2025, when attackers breached Marquis’ network after compromising a SonicWall firewall deployment. Initially believed to be the result of an unpatched vulnerability, a later internal investigation reportedly revealed a different root cause tied to configuration data exposure within SonicWall’s cloud-based backup systems.

How the Attack Unfolded

According to court filings, the attackers did not exploit a traditional software flaw in the firewall firmware. Instead, they allegedly accessed configuration data extracted from SonicWall’s cloud backup infrastructure. That configuration data provided the threat actors with insights necessary to penetrate Marquis’ environment.

Once inside, the attackers deployed ransomware and exfiltrated sensitive data. The intrusion caused operational disruptions for dozens of financial institutions that rely on Marquis for data analytics, customer relationship management tools, compliance reporting, and digital marketing services.

Scope of the Data Exposure

The stolen files reportedly contained personal information received from Marquis’ banking partners. The exposed details included names, physical addresses, phone numbers, Social Security numbers, Taxpayer Identification Numbers, and financial account information.

Given that Marquis serves more than 700 banks, credit unions, and mortgage lenders nationwide, the breach had cascading effects. While 74 banks were confirmed as directly disrupted, the broader customer ecosystem faced heightened scrutiny and regulatory pressure following the incident.

Legal Claims Against SonicWall

In January 2026, Marquis formally accused SonicWall of failing to adequately secure its backup infrastructure and misrepresenting the strength of its security controls. The lawsuit claims that SonicWall’s cloud environment allowed sensitive firewall configuration data to be accessed by unauthorized parties.

The complaint further argues that had the backup systems been properly secured, the attackers would not have been able to extract the configuration data needed to execute the breach. Marquis is seeking damages tied to incident response costs, business interruption, reputational harm, and regulatory exposure.

Third-Party Risk and Backup Infrastructure Vulnerabilities

The case highlights a growing concern in enterprise cybersecurity: the security of cloud-based backup and management infrastructure. While organizations often focus on patching vulnerabilities and hardening perimeter defenses, centralized backup systems can become high-value targets if improperly protected.

Configuration files in particular can provide attackers with critical intelligence. Firewall rules, VPN settings, authentication endpoints, and network segmentation data can dramatically reduce the time required for adversaries to move laterally once access is achieved.

Impact on the Financial Sector

Financial institutions operate in a heavily regulated environment where operational continuity and data protection are paramount. A ransomware event affecting dozens of banks simultaneously raises systemic risk concerns, particularly when the disruption originates from a shared technology provider.

Regulators are increasingly examining third-party vendor relationships under frameworks that require financial entities to assess and monitor cybersecurity risks across their supply chains. This lawsuit may set a precedent regarding vendor liability when cloud infrastructure weaknesses contribute to downstream breaches.

Broader Implications

The Marquis-SonicWall dispute underscores the evolving nature of ransomware attacks, where the compromise vector may not involve a direct software exploit but rather weaknesses in ancillary systems such as backups, management portals, or administrative tools.

As legal accountability becomes more prominent in cybersecurity incidents, technology vendors may face increased scrutiny over how they secure customer configuration data within cloud ecosystems. The outcome of this lawsuit could influence contractual language, service level agreements, and cyber insurance requirements across the financial technology sector.