Fintech firm Marquis has reportedly attributed a significant data compromise to vulnerabilities stemming from its security partner, SonicWall. The incident, which occurred in 2025, allegedly involved unauthorized access that resulted in the theft of sensitive customer information. According to several media reports, Marquis has publicly stated its intention to pursue reimbursement for costs incurred due to the breach, highlighting tensions between service providers in the cybersecurity ecosystem.
The breach at Marquis was identified as a ransomware operation that struck in August 2025.
Cybercriminals managed to infiltrate the company’s systems, extracting personal details, banking records, and Social Security numbers from numerous U.S.-based clients.
According to investigations, the attackers exploited information obtained from an earlier compromise at SonicWall, Marquis’s firewall vendor.
This prior event allowed hackers to access configuration files stored in SonicWall’s cloud-based backup system, which included critical credentials and settings necessary to bypass Marquis’s defenses.
SonicWall, a well-known provider of network security solutions, faced its own security lapse earlier in 2025.
The company initially reported the issue in September of that year, suggesting that only a small percentage—under 5%—of its clients were impacted.
However, by October, SonicWall revised its statement, admitting that the breach had affected every customer utilizing its cloud backup feature.
This revelation meant that firewall policies, configurations, and access credentials for all such users were potentially exposed. Marquis, which had only recently adopted SonicWall’s firewalls, found itself vulnerable as a result.
In response, Marquis commissioned an external review to pinpoint the root cause.
The findings confirmed that the ransomware perpetrators used the pilfered SonicWall data to evade the fintech firm’s protective measures.
A company spokesperson emphasized that while a software patch rollout was examined as a possible factor, it was deemed unrelated to the data exfiltration.
Marquis began alerting affected individuals in December 2025, with notifications reaching hundreds of thousands so far.
The total number of victims could increase as further disclosures are made to regulatory bodies, though exact figures remain undisclosed.
Marquis has taken a firm stance, communicating to its clients via an internal memo that it will seek financial recovery from SonicWall.
This includes compensation for expenses related to breach response efforts, both for the company and its customers.
The fintech entity is also reassessing its relationship with the firewall provider, signaling potential shifts in vendor partnerships to bolster future security.
From SonicWall’s perspective, the company has requested concrete proof from Marquis linking their cloud incident directly to the ransomware attack.
A representative noted that, despite ongoing discussions, no fresh evidence has surfaced connecting the breach to wider patterns of global cyber assaults targeting network devices.
SonicWall now maintains its commitment to supporting clients amid these challenges. This incident underscores broader vulnerabilities in the supply chain of cybersecurity services.
As fintech firms like Marquis handle vast troves of sensitive data, reliance on third-party providers amplifies risks.
The incident echoes concerns seen in other high-profile breaches, where cascading failures from vendors have led to widespread data exposure. Industry professionals suggest that such events may prompt stricter oversight and contractual clauses emphasizing liability in partnerships.
Moving forward, Marquis’s pursuit of recoupment could set precedents for accountability in the sector. Customers affected by the breach are advised to monitor their accounts closely and utilize offered identity protection services.