Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Fintech firm Marquis has told clients that it plans to seek compensation from a fire service provider after it accused the company of breaking laws that allow hackers to steal customer and financial information.
In a memo shared with clients this week and seen by TechCrunch, Marquis said he believed the August 2025 ransomware attack was caused by the company’s firewall provider SonicWall having its own data breach that exposed security information about its customers. The initial breach of SonicWall allowed the hackers to obtain the information necessary to launch the attack on Marquis, the memo said.
Mr. Marquis said his third-party investigation determined that hackers obtained information about his firewall in the SonicWall breach, which Mr. Marquis says was used to secure his firewall. Marquis confirmed in the interview that he backed up his firewall configuration file in the SonicWall cloud.
The company is “evaluating its options” regarding its fire service provider, including “reimbursing any costs incurred by Marquis and its customers in response to the incident,” according to the memo.
When reached for comment, Hanna Grimm, a spokeswoman for Marquis, did not comment on or deny the company’s recent communications with customers, but reiterated the connection between the breach and the theft of the original firewall configuration.
“In September 2025, which affected the security of data on our systems, a fire service provider, a leading cybersecurity company, publicly disclosed that an attacker had already gained access to cloud backups,” he said.
“Marquis had just started using this agent’s firewall to protect our network,” he said. “Although the provider reported that less than 5% of customers were affected, it later explained in October 2025 that firewall configuration information and information associated with all customers using the cloud backup service, including Marquis, were found.”
Contacted by TechCrunch, SonicWall spokesman Bret Fitzgerald said the company had asked Marquis to provide evidence to support his claims and said it would continue to engage with its client.
“We have no new evidence to establish a connection between the SonicWall security breach that occurred in September 2025 and the worldwide attacks on ransomware and other edge devices,” Fitzgerald said.
Texas-based Marquis, which allows hundreds of banks and credit unions to track their customers’ credit, has launched. informing hundreds of thousands of people last month that their information was taken during the ransomware attack.
The company has access to information about US banking customers, including personal information, financial information, and Social Security numbers, which the hackers stole.
SonicWall received in October that the initial breach of its systems also affected all of its customers who stored their files on the SonicWall cloud. They had already said hackers he stole only a small portion of his client’s configuration files There are policies and settings.
In a communication seen by TechCrunch, Mr. Marquis said he called in a third party to investigate whether the patch that failed to release during the breach was to blame, but determined that the patch was related to a bug that was not used in a way that would have allowed hackers to gain access to the company’s information.
A spokesperson for Marquis declined to provide a number of people affected by its data breach. The number of people who are known to have been affected by the breach is expected to rise as new data breach notifications are submitted to state attorneys general.
Do you know more about the data breach at Marquis? Do you work for Marquis or a company affected by this violation? We want to hear from you. To contact this reporter securely, you can reach him using Signal via the username: zackwhittaker.1337
