The complaint alleges SonicWall’s catastrophic cloud backup breach in 2025 exposed Marquis’s firewall configurations, enabling a ransomware attack on August 14, 2025.
Despite MFA and up-to-date firewalls, attackers bypassed defenses using stolen data like unencrypted MFA scratch codes and credentials from SonicWall’s MySonicWall service.
SonicWall introduced a vulnerability in February 2025 via an API code change, allowing threat actors to access all cloud-stored firewall backups using predictable serial numbers, with no authentication required.
After detection in September 2025, SonicWall initially claimed an impact on under 5% of customers but later confirmed all MySonicWall users were affected after Mandiant’s probe.
Exposed files included AES-256 encrypted credentials, VPN setups, firewall rules, and MFA bypass codes, heightening targeted attack risks.
Attackers encrypted Marquis’s network, stealing PII (names, SSNs, financial data) from over 400,000 individuals across 700+ financial clients.
Marquis incurred remediation costs, notifications, credit monitoring, and now defends 36+ class actions plus a trade secrets suit. Clients terminated contracts, harming revenue and reputation; a trade group even revoked sponsorship.
No CVE is directly assigned to the API flaw, but related SonicWall flaws aided exploitation.

| CVE ID | Description | CVSS Score | Affected Products | Patch Status |
|---|---|---|---|---|
| CVE-2024-40766 | Improper access control in SSL VPN (Gen6-to-Gen7 migration); enables unauthorized resource access. | 9.3 (Critical) | SonicWall firewalls (Gen7) | Patched; reset legacy accounts. |
| CVE-2024-53704 | SSL VPN swap cookie/session ID leak; allows session hijacking. | Not specified | SonicWall SSL VPN | Patched. |

Marquis seeks damages for negligence, gross negligence, unjust enrichment, misrepresentation, contribution, and indemnity, citing SonicWall’s failure to encrypt data, detect intrusion for months, and disclose promptly.
Losses include investigation fees, lost profits, lawsuits, and an enterprise value drop. SonicWall ignored early inquiries, later confirming PSIRT-aligned attack patterns.
This case underscores supply chain risks: vendors like SonicWall must encrypt backups, monitor APIs rigorously, and disclose breaches promptly.
Financial firms face cascading PII exposures; experts urge credential resets, offline backups, and zero-trust segmentation.
Marquis’s suit may spur vendor accountability amid rising ransomware via config theft.
The post Marquis Files Lawsuit Against SonicWall After Backup Breach Triggers Ransomware Incident appeared first on Cyber Security News.