Lawsuit Claims SonicWall Cloud Backup Flaw Led to Ransomware Attack Against Marquis
Marquis Software Solutions sued SonicWall for allegedly misrepresenting the scope of the breach of its MySonicWall cloud backup service and causing financial and operational harm.
The Plano, Texas-based marketing and compliance software provider said an attacker used exposed credentials and configuration data from the February 2025 SonicWall cloud breach to conduct a ransomware attack against Marquis in August 2025 and access sensitive consumer data. This occurred even though Marquis had multifactor authentication and advanced security controls enabled, the firm said.
“SonicWall had reason to know that using predictable device serial numbers created a foreseeable vulnerability that threat actors could – and did – easily exploit,” Marquis wrote in a 35-page complaint. “SonicWall’s reckless use of easy-to-predict, easy-to-brute-force serial numbers constitutes a marked failure to implement reasonable and appropriate security measures to prevent unauthorized disclosure.”
Marquis counts more than 700 banks and credit unions as clients including Artisans’ Bank, based in Wilmington, Delaware, as well as VeraBank, based in Henderson, Texas. In December, the banks notified tens of hundreds of customers that their personal data was stolen due to a ransomware group breaching Marquis’ SonicWall firewall (see: More Banks Issue Breach Notifications Over Provider Breach).
“We’re aware of a claim from Marquis alleging a connection between a SonicWall security incident and subsequent ransomware activity affecting their environment,” a SonicWall spokesperson told Information Security Media Group. “At the moment, we have not identified any technical evidence establishing a link between these events. Unfortunately, the customer filed a lawsuit without providing documentation to substantiate its allegations in advance. We’re reviewing these claims now and are prepared to vigorously defend any unsubstantiated claims.”
How SonicWall Allegedly Introduced an Exploitable Flaw
SonicWall in February 2025 introduced a vulnerability through a code change to its API that enabled unauthorized actors to download firewall configuration backup files without proper authentication. Anyone possessing a firewall device serial number – which the complaint describes as predictable and algorithmically generatable – could retrieve configuration backups, according to Marquis.
“SonicWall had stored customer MFA scratch codes within the configuration backup files without encrypting them,” Marquis wrote in the complaint. “MFA scratch codes within the stolen configurations could be used to bypass MFA requirements in customer firewalls. Exposure of MFA scratch codes poses a clear and substantial risk to a company using MFA together with its SonicWall firewall.”
Marquis said it opened a support ticket with SonicWall the day it was hit by a ransomware attack but never received meaningful support or critical security information in response. Months later, Marquis said SonicWall confirmed that Marquis’s firewall backup files had been downloaded during the February 2025 cloud incident and that the breach had exposed credentials and MFA scratch codes.
“SonicWall’s failure to encrypt the scratch codes is an egregious departure from the traditional standard of care expected of a company in SonicWall’s position,” Marquis wrote in the complaint.
Marquis said SonicWall introduced an exploitable vulnerability through an API code change, allowed predictable device serial numbers to function as access keys to configuration backups, failed to encrypt sensitive parts of configuration files and failed to detect unauthorized access for a number of months. As a security provider, Marquis said SonicWall is subject to heightened expectations of professional care.
“SonicWall’s breach was an extreme departure from the ordinary standard of care and gross negligence in that SonicWall, a cybersecurity company whose commercial purpose was to protect its customers’ networks – including by selling and servicing firewalls – stored copies of its customers’ firewall configuration data in the cloud, failed to encrypt critical components of that data,” Marquis wrote.
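The two controls the complaint says were missing, shown as an added Python example (not code from SonicWall, Marquis or this article): backup retrieval tied to the authenticated account rather than the serial number, and scratch codes replaced by keyed digests before upload. `BackupStore`, `export_backup`, `redeem` and `device_key` are hypothetical names, and the design assumes a key that stays on the firewall and is never included in the backup.

```python
import hashlib
import hmac

def _digest(code, device_key):
    # Keyed digest: useless for offline guessing without device_key.
    return hmac.new(device_key, code.encode(), hashlib.sha256).hexdigest()

def export_backup(config, device_key):
    """Copy the config for upload, replacing plaintext scratch codes."""
    out = {k: v for k, v in config.items() if k != "scratch_codes"}
    out["scratch_digests"] = [_digest(c, device_key) for c in config["scratch_codes"]]
    return out

def redeem(backup, candidate, device_key):
    """Accept a scratch code once, comparing digests in constant time."""
    want = _digest(candidate, device_key)
    for stored in backup["scratch_digests"]:
        if hmac.compare_digest(stored, want):
            backup["scratch_digests"].remove(stored)  # single use
            return True
    return False

class BackupStore:
    """Hypothetical cloud-side store, keyed by device serial."""
    def __init__(self):
        self._items = {}  # serial -> (owner account, backup)

    def put(self, owner, serial, backup):
        self._items[serial] = (owner, backup)

    def get_serial_only(self, serial):
        # Weak pattern from the complaint: the serial alone acts as the key.
        return self._items[serial][1]

    def get(self, session_account, serial):
        # Hardened: the serial only selects the record; the authenticated
        # session must belong to the account that registered the device.
        entry = self._items.get(serial)
        if entry is None or session_account != entry[0]:
            raise PermissionError("not authorized for this device")
        return entry[1]

# Constructed sample data, not taken from the complaint.
SAMPLE_KEY = b"\x01" * 32
SAMPLE_CONFIG = {"vpn": "site-a", "scratch_codes": ["48213375", "90117264"]}
```

With this layout a downloaded backup contains no usable scratch code, and a request that presents only a serial number is refused by `get`.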
How SonicWall’s Cloud Backup Breach Allegedly Harmed Marquis
Firewall configuration data is uniquely sensitive and contains detailed blueprints of firewall rules, VPN configurations, credential information, SSL certificates and MFA bypass codes. Marquis alleges that SonicWall failed to encrypt MFA scratch codes, prevent brute-force or predictable serial number exploitation or implement proper authentication controls on backup file access.
“The SonicWall Breach has created astounding financial repercussions for Marquis,” Marquis wrote. “These costs have included, but are not limited to, legal costs and costs associated with the ransom demand, the forensic investigation, breach notifications and remediations. In addition to these costs, Marquis has suffered significant commercial and reputational harm.”
Marquis said customers terminated contracts prematurely, refused to pay outstanding amounts, and in some cases, sought return of prepaid fees. Marquis further alleges that a national trade association disinvited it from a conference and refused to allow it to serve as a lead sponsor due to the reputational fallout.
“Marquis has suffered significant commercial and reputational harm as a direct result of the SonicWall Breach,” the company wrote. “Marquis has also been named as a defendant in dozens of putative class actions, which seek hundreds of thousands of dollars in damages in relation to the August 14, 2025, incident.”
Marquis alleged that SonicWall failed to exercise reasonable care in safeguarding customer data and detecting the breach, and retained the financial benefits of Marquis’s payments despite failing to provide secure services. Marquis also seeks reimbursement or equitable allocation of liability with SonicWall if judgments are entered against Marquis in the consumer class action lawsuits it faces.







