Marquis Software Solutions Sues SonicWall Over 2025 Cloud Vulnerability Linked to Ransomware Attack
Marquis Software Solutions has filed a lawsuit against SonicWall, alleging that a February 2025 cloud vulnerability enabled a ransomware attack in August 2025, exposing sensitive data from hundreds of financial institutions, including credit unions. The breach, which triggered widespread notifications across the credit-union system, has had significant fallout for affected organizations.
According to the complaint, the attacker exploited exposed credentials and firewall configuration data from SonicWall’s cloud incident, bypassing multifactor authentication (MFA) protections. Marquis claims SonicWall introduced an exploitable flaw through an API code change, allowing unauthorized downloads of firewall configuration backups. The company alleges that predictable device serial numbers and unencrypted MFA "scratch codes" in the backups enabled threat actors to compromise systems.
SonicWall has denied the allegations, stating it has not found technical evidence linking its cloud incident to the ransomware attack and plans to contest the claims. Meanwhile, Marquis, which serves over 700 banks and credit unions, including Artisans’ Bank and VeraBank, reported that the breach led to customer notifications, legal expenses, forensic costs, and class-action litigation. The company is seeking damages, arguing SonicWall failed to adequately protect customer firewall data.
SonicWall cybersecurity rating report: https://www.rankiteo.com/company/sonicwall
Marquis cybersecurity rating report: https://www.rankiteo.com/company/marquis-software-solutions
"id": "SONMAR1772202741",
"linkid": "sonicwall, marquis-software-solutions",
"type": "Vulnerability",
"date": "2/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"