Marquis Sues SonicWall Over 2025 Firewall Information Breach

Marquis Software program Options sued SonicWall for allegedly misrepresenting the scope of the breach of its MySonicWall cloud backup service and inflicting monetary and operational hurt.

See Additionally: New Automated Strategy to Compliance, Enterprise Danger

The Plano, Texas-based advertising and compliance software program supplier stated an attacker used uncovered credentials and configuration information from the February 2025 SonicWall cloud breach to conduct a ransomware assault towards Marquis in August 2025 and entry delicate consumer information. This occurred regardless that Marquis had multifactor authentication and superior safety controls enabled, the agency stated.

“SonicWall had purpose to know that utilizing predictable system serial numbers created a foreseeable vulnerability that menace actors may – and did – simply exploit,” Marquis wrote in a 35-page criticism. “SonicWall’s reckless use of easy-to-predict, easy-to-brute-force serial numbers constitutes a marked failure to implement cheap and acceptable safety measures to forestall unauthorized disclosure.”

Marquis counts greater than 700 banks and credit score unions as clients together with Artisans’ Financial institution, based mostly in Wilmington, Delaware, in addition to VeraBank, based mostly in Henderson, Texas. In December, the banks notified tens of hundreds of consumers that their private information was stolen attributable to a ransomware group breaching Marquis’ SonicWall firewall (see: Extra Banks Challenge Breach Notifications Over Provider Breach).

“We’re conscious of a declare from Marquis alleging a connection between a SonicWall safety incident and subsequent ransomware exercise affecting their atmosphere,” a SonicWall spokesperson instructed Data Safety Media Group. “Right now, we’ve got not recognized any technical proof establishing a hyperlink between these occasions. Sadly, the shopper filed a lawsuit with out offering documentation to substantiate its allegations upfront. We’re reviewing these claims now and are ready to vigorously defend any unsubstantiated claims.”

How SonicWall Allegedly Launched an Exploitable Flaw

SonicWall in February 2025 launched a vulnerability via a code change to its API that enabled unauthorized actors to obtain firewall configuration backup information with out correct authentication. Anybody possessing a firewall system serial quantity – which the criticism describes as predictable and algorithmically generatable – may retrieve configuration backups, in keeping with Marquis.

“SonicWall had saved buyer MFA scratch codes throughout the configuration backup information with out encrypting them,” Marquis wrote within the criticism. “MFA scratch codes throughout the stolen configurations might be used to bypass MFA necessities in buyer firewalls. Publicity of MFA scratch codes poses a transparent and substantial danger to an organization utilizing MFA along with its SonicWall firewall.”

Marquis stated it opened a assist ticket with SonicWall the day it was hit by a ransomware assault however by no means obtained significant help or crucial safety info in response. Months later, Marquis stated SonicWall confirmed that Marquis’s firewall backup information had been downloaded in the course of the February 2025 cloud incident and that the breach had uncovered credentials and MFA scratch codes.

“SonicWall’s failure to encrypt the scratch codes is an egregious departure from the traditional customary of care anticipated of an organization in SonicWall’s place,” Marquis wrote within the criticism.

Marquis stated SonicWall launched an exploitable vulnerability via an API code change, allowed predictable system serial numbers to function entry keys to configuration backups, didn’t encrypt delicate parts of configuration information and didn’t detect unauthorized entry for a number of months. As a safety supplier, Marquis stated SonicWall is topic to heightened expectations {of professional} care.

“SonicWall’s breach was an excessive departure from the abnormal customary of care and gross negligence in that SonicWall, a cybersecurity firm whose industrial function was to guard its clients’ networks – together with by promoting and servicing firewalls – saved copies of its clients’ firewall configuration information within the cloud, didn’t encrypt crucial parts of that information,” Marquis wrote.

How SonicWall’s Cloud Backup Breach Allegedly Harmed Marquis

Firewall configuration information is uniquely delicate and incorporates detailed blueprints of firewall guidelines, VPN configurations, credential info, SSL certificates and MFA bypass codes. Marquis alleges that SonicWall didn’t encrypt MFA scratch codes, stop brute-force or predictable serial quantity exploitation or implement correct authentication controls on backup file entry.

“The SonicWall Breach has created astounding monetary repercussions for Marquis,” Marquis wrote. “These prices have included, however will not be restricted to, authorized prices and prices related to the ransom demand, the forensic investigation, breach notifications and remediations. Along with these prices, Marquis has suffered vital industrial and reputational hurt.”

Marquis stated purchasers terminated contracts prematurely, refused to pay excellent quantities, and in some instances, sought return of pay as you go charges. Marquis additional alleges {that a} nationwide commerce affiliation disinvited it from a convention and refused to permit it to function a lead sponsor attributable to reputational fallout.

“Marquis has suffered vital industrial and reputational hurt as a direct results of the SonicWall Breach,” the corporate wrote. “Marquis has additionally been named as a defendant in dozens of putative class actions, which search hundreds of thousands of {dollars} in damages in relation to the August 14, 2025, incident.”

Marquis alleged that SonicWall didn’t train cheap care in safeguarding buyer information and detecting the breach, and retained the monetary advantages of Marquis’s funds regardless of failing to offer safe companies. Marquis additionally seeks reimbursement or equitable allocation of legal responsibility with SonicWall if judgments are entered towards Marquis within the shopper class motion lawsuits it faces.

“The SonicWall Breach has created astounding monetary repercussions for Marquis,” Marquis wrote. “These prices have included, however will not be restricted to, authorized prices and prices related to the ransom demand, the forensic investigation, breach notifications and remediations.”