- Marquis suffers ransomware attack and loses sensitive customer and financial data
- The company blames SonicWall for the breach, although SonicWall denies a direct connection
- Attack linked to Akira, a Russian state-sponsored ransomware group targeting SonicWall systems
Marquis, an American financial technology company that creates software for banks and credit unions, confirmed that it suffered a ransomware attack and lost sensitive customer data, but blamed its firewall provider, SonicWall.
In mid-September 2025, SonicWall warned its firewall customers to reset their passwords after anonymous threat actors broke into the company’s MySonicWall cloud service. This tool allows SonicWall firewall users (typically businesses and IT teams) to back up their firewall configuration files, including network rules and access policies, VPN configurations, service credentials (LDAP, RADIUS, SNMP), or administrator usernames and passwords (if stored in configuration).
At first, SonicWall claimed that less than 5% of its customer base was affected, but later concluded that everyone lost their backups to hackers.
asking for evidence
Now, in a memo shared with its customers, Marquis confirmed that it was among those affected and said it was evaluating its options to have SonicWall compensate for the damages.
SonicWall, on the other hand, hinted that there is no evidence that the two breaches are connected:
“We have no new evidence to establish a connection between the SonicWall security incident reported in September 2025 and ongoing global ransomware attacks against firewalls and other perimeter devices,” said SonicWall spokesperson Bret Fitzgerald. TechCrunch.
Marquis customers have “hundreds” of banks and credit unions using their tools to view customer data. When cybercriminals broke in, they stole large amounts of data, including personal information, financial information, and social security numbers (SSN). We don’t know exactly how many customers are affected.
Attack attribution is quite complicated. In late September, SonicWall itself said the attack was likely carried out by a state-sponsored threat actor, but did not name any names. Meanwhile, several security outlets blamed the Marquis attack on a ransomware operator called Akira, a Russian state-sponsored actor known for attacking SonicWall infrastructure.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
