- Marquis is hit by ransomware attacks and loses sensitive customer and financial data
- The company blames SonicWall breaches, although SonicWall denies direct connection
- Attack linked to Akira, a Russian state-sponsored ransomware group targeting SonicWall systems
Marquis, a US fintech company that builds software for banks and credit unions, has confirmed it suffered a ransomware attack and lost sensitive customer data, but has shifted the blame to its firewall provider, SonicWall.
In mid-September 2025, SonicWall warned its firewall customers to reset their passwords after unnamed threat actors brute-forced their way into the company’s MySonicWall cloud service. This tool allows SonicWall firewall users (typically corporate and IT teams) to back up their firewall configuration files, including network rules and access policies, VPN configurations, service credentials (LDAP, RADIUS, SNMP), or admin usernames and passwords (if stored in configuration).
At first, SonicWall claimed that less than 5% of its customer base was affected, but later concluded that everyone lost their backups to hackers.
Asking for proof
Now, in a memo shared with its customers, Marquis confirmed it was among those affected and said it was evaluating its options to have SonicWall compensate for the damages.
SonicWall, on the other hand, suggested that there is no evidence that the two breaches are connected:
“We have no new evidence to establish a link between the SonicWall security incident reported in September 2025 and ongoing global ransomware attacks on firewalls and other edge devices,” SonicWall spokesman Bret Fitzgerald said. TechCrunch.
Marquis’ customers number in the “hundreds” of banks and credit unions that use its tools to visualize customer data. When cybercriminals broke in, they stole large amounts of data, including personal information, financial information, and Social Security Numbers (SSN). We do not know exactly how many customers are affected.
Attack attribution is quite difficult. Back in late September, SonicWall itself said that the attack was most likely carried out by a state-sponsored threat actor, but did not name any names. Meanwhile, several security outlets blamed the Marquis attack on a ransomware operator named Akira, a Russian state-sponsored actor known for targeting SonicWall infrastructure.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
