**Marquis Blames Ransomware Breach on SonicWall Cloud Backup Hack**

In a shocking revelation, Marquis Software Solutions, a Texas-based financial services provider, has claimed that the ransomware attack that impacted its systems and affected dozens of U.S. banks and credit unions in August 2025 was actually caused by a security breach reported by SonicWall a month later.

**The Unexpected Twist**

Contrary to initial reports that suggested the ransomware operators exploited an unpatched SonicWall firewall, Marquis has revealed that the attackers used information obtained from firewall configuration backup files stolen after gaining unauthorized access to SonicWall's MySonicWall online customer portal. In statements to customers earlier this week seen by BleepingComputer, Marquis explained: "Based on the ongoing third-party investigation, we have determined that the threat actor that attacked Marquis was able to circumvent our firewall by leveraging the configuration data extracted from the service provider's cloud backup breach."

**SonicWall's Cloud Backup Breach**

This revelation raises questions about SonicWall's handling of its MySonicWall online customer portal and its cloud backup service. In September, SonicWall disclosed a security breach that affected only about 5% of its firewall customers using its cloud backup service. However, roughly three weeks later, the company issued an update confirming that all customers using its cloud backup service were affected by the September breach.

**A Month Later, More Questions Arise**

One month after the initial disclosure, SonicWall published another update stating that a Mandiant investigation into the September attack found evidence linking the incident to state-sponsored hackers. However, this revelation has sparked further questions about the potential vulnerabilities of SonicWall's cloud backup service and its customers' data.

**The Fallout Continues**

Marquis is now evaluating its options with respect to the firewall provider, including seeking recoupment of any expenses spent by Marquis and its customers in responding to the data incident. This decision comes as cybersecurity company Huntress reported on October 13 that it had observed threat actors compromising over 100 SonicWall SSLVPN accounts in a large-scale campaign using stolen, valid credentials.

**The Bigger Picture**

The Marquis data breach has impacted over 74 US banks and credit unions, highlighting the interconnectedness of the financial services industry. As cybersecurity threats continue to evolve, it is essential for companies like Marquis and SonicWall to prioritize their security measures and ensure that their customers' data remains protected.

**Related Stories**

* [Ingram Micro says ransomware attack affected 42,000 people](https://www.bleepingcomputer.com/news/security/ingram-micro-says-ransomware-attack-affected-42000-people/) * [University of Hawaii Cancer Center hit by ransomware attack](https://www.bleepingcomputer.com/news/security/university-of-hawaii-cancer-center-hit-by-ransomware-attack/) * [Covenant Health says May data breach impacted nearly 478,000 patients](https://www.bleepingcomputer.com/news/security/covenant-health-says-may-data-breach-impacted-nearly-478000-patients/) * [University of Phoenix data breach impacts nearly 3.5 million individuals](https://www.bleepingcomputer.com/news/security/university-of-phoenix-data-breach-impacts-nearly-35-million-individuals/)