Fintech firm Marquis has taken a bold step in the aftermath of its August 2025 ransomware attack, blaming its firewall provider SonicWall for the breach that allowed hackers to steal customers' personal and financial data. In a memo shared with customers this week, Marquis revealed that it plans to seek compensation from SonicWall, citing the company's own data breach as the root cause of the problem.

According to the memo, seen by TechCrunch, Marquis believes that SonicWall's earlier breach exposed critical security information about its customers' firewalls, allowing hackers to obtain the necessary credentials to launch a ransomware attack against Marquis. The company confirmed that it had stored a backup of its firewall configuration file in SonicWall's cloud, which was compromised during the earlier breach.

"In September 2025, after the data security incident affected our systems, our firewall service provider, an industry-leading cybersecurity company, publicly disclosed that a threat actor had earlier in the year gained unauthorized access to its cloud backup service," said Hanna Grimm, an agency spokesperson representing Marquis. "Marquis had recently begun using this provider's firewalls to help protect our network."

SonicWall has denied any wrongdoing, saying that it has asked Marquis for evidence to substantiate its claims and would continue to engage with the company. "We have no new evidence to establish a connection between the SonicWall security incident reported in September 2025 and ongoing global ransomware attacks on firewalls and other edge devices," said Bret Fitzgerald, a spokesperson for SonicWall.

The Texas-based Marquis, which allows hundreds of banks and credit unions to visualize their customers' data, began notifying hundreds of thousands of people last month that their information was taken during its ransomware attack. The company has access to large amounts of data belonging to consumer banking customers across the U.S., including personal information, financial data, and Social Security numbers, which the hackers stole.

Marquis' spokesperson declined to provide a number of how many individuals are affected by its data breach, but the number is expected to rise as new data breach notifications are submitted to state attorneys general. The company has called in a third party to investigate whether a patch it had failed to roll out at the time of the breach could have been to blame, but concluded that the patch related to a flaw was not exploitable in a way that could have allowed hackers to access the company's data.

The controversy surrounding Marquis' data breach has left many questions unanswered. Do you work at Marquis or a company affected by the breach? We would love to hear from you. To securely contact this reporter, you can reach out using Signal via the username zackwhittaker.1337

Zack Whittaker is the security editor at TechCrunch. He also authors the weekly cybersecurity newsletter, "This Week in Security." You can reach him via encrypted message at zackwhittaker.1337 on Signal or by email at zack.whittaker@techcrunch.com.