The complaint alleges SonicWall’s catastrophic cloud backup breach in 2025 exposed Marquis’s firewall configurations, enabling a ransomware attack on August 14, 2025.
Despite MFA and up-to-date firewalls, attackers bypassed defenses using stolen data like unencrypted MFA scratch codes and credentials from SonicWall’s MySonicWall service.
SonicWall introduced a vulnerability in February 2025 via an API code change, allowing threat actors to access all cloud-stored firewall backups using predictable serial numbers, with no authentication required.
After the breach was detected in September 2025, SonicWall initially claimed an impact on under 5% of customers but later confirmed all MySonicWall users were affected after Mandiant’s probe.
Exposed files included AES-256 encrypted credentials, VPN setups, firewall rules, and MFA bypass codes, heightening targeted attack risks.
Attackers encrypted Marquis’s network, stealing PII (names, SSNs, financial data) from over 400,000 individuals across 700+ financial clients.
Marquis incurred remediation costs, notifications, credit monitoring, and now defends 36+ class actions plus a trade secrets suit. Clients terminated contracts, harming revenue and reputation; a trade group even revoked sponsorship.
No CVE has been assigned directly to the API flaw, but related SonicWall flaws aided exploitation.

| CVE ID | Description | CVSS Score | Affected Products | Patch Status |
|---|---|---|---|---|
| CVE-2024-40766 | Improper access control in SSL VPN (Gen6-to-Gen7 migration); enables unauthorized resource access. | 9.3 (Critical) | SonicWall firewalls (Gen7) | Patched; reset legacy accounts. |
| CVE-2024-53704 | SSL VPN swap cookie/session ID leak; allows session hijacking. | Not specified | SonicWall SSL VPN | Patched. |

Marquis seeks damages for negligence, gross negligence, unjust enrichment, misrepresentation, contribution, and indemnity, citing SonicWall’s failure to encrypt data, detect intrusion for months, and disclose promptly.
Losses include investigation fees, lost profits, lawsuits, and an enterprise value drop. SonicWall ignored early inquiries and later confirmed PSIRT-aligned attack patterns.
This case underscores supply chain risks: vendors like SonicWall must encrypt backups, monitor APIs rigorously, and disclose breaches promptly.
Financial firms face cascading PII exposures; experts urge credential resets, offline backups, and zero-trust segmentation.
Marquis’s suit may spur vendor accountability amid rising ransomware via config theft.
The post Marquis Files Lawsuit Against SonicWall After Backup Breach Triggers Ransomware Incident appeared first on Cyber Security News.