Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Financial technology company Marquis has told customers that it plans to seek compensation from its firewall provider after blaming the company for a breach that allowed hackers to steal its customers’ personal and financial data.
In a memo shared with customers this week and seen by TechCrunch, Marquis said it believes the August 2025 ransomware attack occurred because the company’s firewall service provider SonicWall had a data breach of its own that exposed critical security information about its customers’ firewalls. This previous SonicWall hack allowed hackers to obtain the credentials needed to launch a ransomware attack against Marquis, the memo said.
Marquis said its third-party investigation found that hackers obtained information about its firewall during the SonicWall hack, which Marquis claims was used to circumvent its firewall. Marquis confirmed on the call that it stored a backup of its firewall configuration file in the SonicWall cloud.
The company was “evaluating its options” regarding its firewall provider, including “reimbursing any expenses incurred by Marquis and its customers in responding to the data incident,” according to the memo.
When reached for comment, Hanna Grimm, a spokeswoman for the agency representing Marquis, did not address or dispute the company’s recent communications with customers, but repeated the allegation linking the hack to a previous theft of its firewall configuration.
“In September 2025, after a data security incident impacted our systems, our firewall service provider, a leading cybersecurity company, publicly disclosed that a threat actor had earlier in the year gained unauthorized access to its cloud backup service,” the statement read.
“Marquis recently began using this provider’s firewalls to help protect our network,” the statement added. “While the provider initially reported that less than 5% of customers were affected, it later clarified in October 2025 that firewall configuration data and credentials associated with all customers using the cloud backup service, including Marquis, had been accessed.”
When TechCrunch contacted SonicWall spokesperson Brett Fitzgerald, he said the company asked Marquis for evidence to prove its claims and said it would continue to do business with its customers.
“We have no new evidence proving a link between the SonicWall security incident reported in September 2025 and ongoing global ransomware attacks on firewalls and other peripheral devices,” Fitzgerald said.
Started by Texas-based Marquis, which allows hundreds of banks and credit unions to visualize their customer data Hundreds of thousands of people were notified last month That their information was taken during a ransomware attack.
The company had access to large amounts of data on consumer banking customers across the United States, including personal information, financial data and Social Security numbers, which was stolen by hackers.
Sonic Wall He was waived in October The previous breach of its systems had in fact affected all of its customers who had backed up their firewall files to the SonicWall cloud. He had earlier said hackers It stole only a portion of its clients’ firewall configuration files Contains policies and settings.
In the communication seen by TechCrunch, Marquis said it brought in a third party to investigate whether a patch it failed to roll out at the time of the hack was to blame, but concluded that the patch related to a flaw that was not exploitable in a way that could allow hackers to access company data.
A Marquis spokesperson declined to provide the number of individuals affected by the data breach. The number of individuals known to be affected by the breach is expected to rise as new data breach notifications are filed with state attorneys general.
Do you know more about the Marquis data breach? Do you work for Marquis or a company affected by the hack? We would love to hear from you. To communicate securely with this reporter, you can contact him using Signal via the username: zackwhittaker.1337