PLANO, Texas— Marquis Software Solutions has filed suit against SonicWall, alleging a 2025 cloud vulnerability enabled a ransomware attack that exposed sensitive data tied to hundreds of financial institutions, including many credit unions.
The litigation follows the widely reported Marquis breach that, as CUToday.info has extensively covered, triggered breach notifications across the credit-union system. Bank Info Security detailed the complaint and the vendor’s allegations.
According to Bank Info Security, Marquis claims an attacker leveraged exposed credentials and firewall configuration data stemming from a February 2025 SonicWall cloud incident to launch a ransomware attack in August 2025. Marquis said the intrusion occurred despite multifactor authentication and other security controls being in place.
In a 35-page complaint summarized by Bank Info Security, Marquis alleges SonicWall introduced an exploitable flaw through an API code change that allowed unauthorized downloads of firewall configuration backup files. The company contends device serial numbers were predictable and could be algorithmically generated, enabling threat actors to retrieve sensitive backups.
Those backups allegedly contained unencrypted MFA “scratch codes,” which Marquis argues could be used to bypass multifactor protections. Months after the ransomware attack, SonicWall confirmed that Marquis’ configuration backups had been downloaded during the earlier cloud incident, exposing credentials and related data, Bank Info Security reported.
SonicWall told Information Security Media Group, parent of Bank Info Security, that it is reviewing the claims and has not identified technical evidence establishing a link between its cloud incident and the subsequent ransomware activity. The company said it intends to vigorously defend against what it described as unsubstantiated allegations.
Marquis serves more than 700 banks and credit unions, including Delaware-based Artisans’ Bank and Texas-based VeraBank. In December, multiple institutions notified customers that personal data had been compromised following the ransomware attack tied to Marquis’ SonicWall firewall environment, according to Bank Info Security. As CUToday.info has reported, the fallout has affected numerous credit unions, with member notifications and remediation costs mounting.
Marquis alleges the breach has produced significant financial and reputational harm, including legal expenses, forensic costs, ransom-related impacts, contract terminations and class-action litigation. The company is seeking damages and equitable allocation of liability, arguing SonicWall failed to exercise reasonable care in safeguarding customer firewall data.