
The complaint alleges SonicWall’s catastrophic cloud backup breach in 2025 exposed Marquis’s firewall configurations, enabling a ransomware attack on August 14, 2025.
Despite MFA and up-to-date firewalls, attackers bypassed defenses using stolen data like unencrypted MFA scratch codes and credentials from SonicWall’s MySonicWall service.
SonicWall Breach Details
SonicWall introduced a vulnerability in February 2025 via an API code change, allowing threat actors to access all cloud-stored firewall backups using predictable serial numbers, with no authentication required.
Detected in September 2025, SonicWall initially claimed an impact on under 5% of customers but later confirmed all MySonicWall users were affected after Mandiant’s probe.
Exposed files included AES-256 encrypted credentials, VPN setups, firewall rules, and MFA bypass codes, heightening targeted attack risks.
Attackers encrypted Marquis’s network, stealing PII (names, SSNs, financial data) from over 400,000 individuals across 700+ financial clients.
Marquis incurred remediation costs, notifications, credit monitoring, and now defends 36+ class actions plus a trade secrets suit. Clients terminated contracts, harming revenue and reputation; a trade group even revoked sponsorship.
Associated Vulnerabilities
No CVE has been assigned directly to the API flaw, but related SonicWall flaws aided exploitation.

| CVE ID | Description | CVSS Score | Affected Products | Patch Status |
|---|---|---|---|---|
| CVE-2024-40766 | Improper access control in SSL VPN (Gen6-to-Gen7 migration); enables unauthorized resource access. | 9.3 (Critical) | SonicWall firewalls (Gen7) | Patched; reset legacy accounts. |
| CVE-2024-53704 | SSL VPN swap cookie/session ID leak; allows session hijacking. | Not specified | SonicWall SSL VPN | Patched. |
Marquis seeks damages for negligence, gross negligence, unjust enrichment, misrepresentation, contribution, and indemnity, citing SonicWall’s failure to encrypt data, detect intrusion for months, and disclose promptly.
Losses include investigation fees, lost profits, lawsuits, and an enterprise value drop. SonicWall ignored early inquiries and later confirmed PSIRT-aligned attack patterns.
This case underscores supply chain risks: vendors like SonicWall must encrypt backups, monitor APIs rigorously, and disclose breaches promptly.
Financial firms face cascading PII exposures; experts urge credential resets, offline backups, and zero-trust segmentation.
Marquis’s suit may spur vendor accountability amid rising ransomware via config theft.
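
A defender-side sketch of the API monitoring the article calls for, added here as an example and not taken from the complaint, SonicWall, or the original article: it flags clients whose backup requests walk a dense, near-sequential run of serial numbers. The log fields, the `SN-` serial format, and the thresholds are assumptions.

```python
import re
from collections import defaultdict

# Constructed records: (client_ip, authenticated, serial_requested).
# The schema and serial format are assumptions, not a real MySonicWall log layout.
SAMPLE_LOG = (
    [("203.0.113.9", False, f"SN-{n:06d}") for n in range(4100, 4112)]  # sequential walk
    + [("198.51.100.20", True, "SN-004105")] * 6                        # owner, one device
    + [("192.0.2.44", True, s) for s in ("SN-000017", "SN-091342", "SN-550210")]
)

def serial_number(serial):
    """Return the numeric suffix of a serial, or None if it has none."""
    m = re.search(r"(\d+)$", serial)
    return int(m.group(1)) if m else None

def find_enumerators(records, min_distinct=8, max_gap=4, min_ratio=0.8):
    """Return clients whose requested serials form a dense, near-sequential run."""
    per_client = defaultdict(lambda: {"serials": set(), "unauth": 0})
    for client, authenticated, serial in records:
        n = serial_number(serial)
        if n is None:
            continue
        per_client[client]["serials"].add(n)
        per_client[client]["unauth"] += not authenticated
    findings = []
    for client, data in per_client.items():
        ordered = sorted(data["serials"])
        if len(ordered) < min_distinct:
            continue  # too few distinct devices to call it enumeration
        gaps = [b - a for a, b in zip(ordered, ordered[1:])]
        ratio = sum(g <= max_gap for g in gaps) / len(gaps)
        if ratio >= min_ratio:
            findings.append({"client": client,
                             "distinct_serials": len(ordered),
                             "sequential_ratio": round(ratio, 2),
                             "unauthenticated_requests": data["unauth"]})
    return sorted(findings, key=lambda f: f["distinct_serials"], reverse=True)

if __name__ == "__main__":
    for finding in find_enumerators(SAMPLE_LOG):
        print(finding)
```

A client managing many devices with scattered serials stays below the sequential ratio, so the check separates bulk legitimate access from a serial-number walk.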
The post Marquis Files Lawsuit Against SonicWall After Backup Breach Triggers Ransomware Incident appeared first on Cyber Security News.
