Third Party Risk Management,
Data Security,
Governance & Risk Management
Lawsuit Alleges SonicWall Cloud Backup Vulnerability Led to Ransomware Attack on Marquis
Marquis Software Solutions has initiated legal action against SonicWall, asserting that the company inadequately represented the seriousness of a breach in its MySonicWall cloud backup service, resulting in significant financial and operational damages to Marquis.
See Also: New Automated Approach to Compliance, Business Risk
Based in Plano, Texas, Marquis claims that an attacker exploited exposed credentials and configuration data leaked during the February 2025 SonicWall breach to execute a ransomware attack in August 2025, affecting sensitive client data. Despite Marquis implementing multifactor authentication and advanced security measures, the firm alleges a security lapse allowed the attack.
“SonicWall had reason to know that utilizing predictable device serial numbers created a plausible vulnerability that attackers could exploit,” the company stated in its lengthy complaint. “Their negligent application of easily guessable serial numbers represents a grave failure to adopt reasonable security protocols aimed at preventing unauthorized access.”
Marquis’s clientele encompasses over 700 banks and credit unions, including Artisans’ Bank of Wilmington and VeraBank of Henderson, Texas. In December, these institutions informed thousands of clients that their personal data had been compromised as a result of ransomware infiltrating Marquis’s SonicWall firewall (see: More Banks Issue Breach Notifications Over Supplier Breach).
A spokesperson for SonicWall acknowledged awareness of the claims by Marquis concerning the purported link between a SonicWall security incident and subsequent ransomware activities affecting the company. However, they emphasized the lack of technical evidence connecting the events and criticized the lawsuit for being filed without prior substantiation of allegations. SonicWall has initiated a review of the claims and is prepared to defend against what they categorize as unsupported assertions.
Nature of the Alleged Security Flaw
According to Marquis, a vulnerability was introduced by SonicWall following a code modification to its API, allowing unauthorized users to download firewall configuration backup files without appropriate authentication. They assert that if one possessed a firewall device’s serial number—characterized as predictable and algorithmically generated—they could access these backups.
“SonicWall lacked necessary encryption protocols for customer MFA scratch codes incorporated within the backup files,” Marquis noted in its complaint, warning that such exposure significantly undermines the efficacy of MFA measures in customer firewalls. The failing compromises the security framework built around the use of multifactor authentication.
On the day of the ransomware attack, Marquis reported having opened a support ticket with SonicWall; however, it claimed no substantial assistance or critical security insights were provided. Months later, SonicWall would confirm that backup files belonging to Marquis had been downloaded during the February breach and that sensitive credentials and MFA codes were compromised.
Marquis articulates that SonicWall’s failure to encrypt these critical authentication components marks a significant deviation from the expected standards of care for a cybersecurity entity. The firm contends that this breach illustrates gross negligence as SonicWall had a corporate mandate to secure client networks, especially as a provider of firewall services.
Impact on Marquis
The configuration data in question is particularly sensitive, embedding intricate details regarding firewall rules, VPN setups, credential information, SSL certificates, and MFA bypass protocols. Marquis asserts that SonicWall’s inaction—regarding the encryption of MFA scratch codes and inadequate authentication controls—has resulted in severe operational and financial setbacks.
“The repercussions of the SonicWall breach are staggering for Marquis, incurring not only legal fees but also costs related to ransom, forensic investigations, breach notifications, and remediation efforts,” the company articulated. Moreover, Marquis claims to have faced substantial reputational damage, as clients withdrew contracts prematurely, withheld payments, and sought refunds on prepayments. A national trade association even retracted an invitation for Marquis to participate in an upcoming conference.
Furthermore, Marquis now finds itself as a defendant in numerous putative class-action lawsuits seeking millions in damages tied to the August 14, 2025, incident. The firm alleges that SonicWall failed to demonstrate adequate caution in the protection of customer data while reaping financial benefits from Marquis’s business transactions, and it seeks both financial redress and equitable liability sharing amid ongoing legal challenges.
In summary, the fallout of the SonicWall breach has broadened the landscape of financial repercussions for Marquis, which claims substantial damages, including legal fees and costs arising from ransom negotiations, forensic investigations, notifications to affected parties, and subsequent remediation efforts.