- Marquis suffers ransomware attack, losing sensitive customer and financial data
- Company blames SonicWall breach, though SonicWall denies direct connection
- Attack linked to Akira, a Russian state-sponsored ransomware group targeting SonicWall systems
Marquis, a US fintech company building software for banks and credit unions, has confirmed suffering a ransomware attack and losing sensitive customer data, but shifted the blame onto its firewall provider, SonicWall.
In mid-September 2025, SonicWall warned its firewall customers to reset their passwords after unnamed threat actors brute-forced their way into the company’s MySonicWall cloud service. This tool allows SonicWall firewall users (typically businesses and IT teams) to back up their firewall configuration files, including network rules and access policies, VPN configurations, service credentials (LDAP, RADIUS, SNMP), or admin usernames and passwords (if stored in config).
At first, SonicWall claimed fewer than 5% of its customer base was affected but later concluded that everyone lost their backups to hackers.
Asking for proof
Now, in a memo shared with its customers, Marquis confirmed to have been among the affected ones, and said it was evaluating its options to have SonicWall compensate for the damages.
SonicWall, on the other hand, hinted that there is no evidence the two breaches are connected:
“We have no new evidence to establish a connection between the SonicWall security incident reported in September 2025 and ongoing global ransomware attacks on firewalls and other edge devices,” SonicWall spokesperson Bret Fitzgerald told TechCrunch.
Marquis’s clients count “hundreds” of banks and credit unions, who use their tools to visualize customer data. When cybercriminals broke in, they stole large amounts of data, including personal information, financial information, and Social Security Numbers (SSN). We don’t know exactly how many customers are affected.
Attack attribution is rather tricky. Back in late September, SonicWall itself said the attack was most likely done by a state-sponsored threat actor but did not name any names. In the meantime, multiple security outlets blamed the Marquis attack on a ransomware operator called Akira, a Russian state-sponsored actor known for targeting SonicWall infrastructure.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
https://cdn.mos.cms.futurecdn.net/zjafjw6AeTXTuuLetiazgC-970-80.jpg
Source link
