- Marquis suffers ransomware attack, losing sensitive customer and financial data
- Company Blames SonicWall for Infringement, Although SonicWall Denies Direct Connection
- Attack linked to Akira, a Russian state-sponsored ransomware group targeting SonicWall systems
Marquis, a US financial technology company that develops software for banks and credit unions, confirmed that it suffered a ransomware attack and lost sensitive customer data, but placed the blame on its firewall provider, SonicWall.
In mid-September 2025, SonicWall warned its firewall customers to reset their passwords after anonymous threat actors forced their way into the company’s MySonicWall cloud service. This tool allows SonicWall Firewall users (typically businesses and IT teams) to back up their firewall configuration files, including network rules and access policies, VPN configurations, service credentials (LDAP, RADIUS, SNMP), or administrator usernames and passwords (if stored in the configuration).
At first, SonicWall claimed that less than 5% of its customer base was affected, but later concluded that everyone had lost their backups to the hackers.
Request proof
Now, in a note shared with its customers, Marquis has confirmed that it is among those affected and said it is evaluating its options for SonicWall to compensate for damages.
SonicWall, on the other hand, suggested that there was no evidence that the two violations were related:
“We have no new evidence to link the SonicWall security incident reported in September 2025 to ongoing global ransomware attacks on firewalls and other edge devices,” said SonicWall spokesperson Bret Fitzgerald. TechCrunch.
Marquis’ customers include “hundreds” of banks and credit unions, which use their tools to visualize customer data. When cybercriminals broke in, they stole large amounts of data, including personal information, financial information, and Social Security numbers (SSN). We do not know exactly how many customers are affected.
Attributing attacks is rather tricky. In late September, SonicWall itself said the attack was most likely carried out by a state-sponsored threat actor, but did not name any names. Meanwhile, several security media outlets have blamed the Marquis attack on a ransomware operator called Akira, a Russian state-sponsored actor known for targeting SonicWall infrastructure.
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp Also.
