Marquis confirms sensitive personal data of 672,000 people stolen in ransomware attack
The August 2025 SonicWall breach keeps getting worse
TechRadar News · By Sead Fadilpašić · published 19 March 2026
- Marquis confirms August 2025 breach impacted 670,000+ people
- Attack tied to SonicWall MySonicWall brute-force incident exposing firewall configs
- Marquis is suing SonicWall, which disputes connection between the two events
The August 2025 cyberattack on Marquis affected more than 670,000 people, the company confirmed earlier this week.
Marquis is a US fintech company building software for banks and credit unions, and to defend its internal network, it uses a firewall built by SonicWall.
In mid-September 2025, SonicWall warned its firewall customers to reset their passwords after unnamed threat actors brute-forced their way into the company’s MySonicWall cloud service.
Lawsuit filed
MySonicWall allows SonicWall firewall users to back up their firewall configuration files, which include network rules and access policies, VPN configurations, service credentials (LDAP, RADIUS, SNMP), and admin usernames and passwords (if stored in the config).
SonicWall later confirmed that all of its customers were affected, and Marquis said it was among them.
Initially, there were no reports on the number of people affected. Marquis filed reports with multiple Attorney General’s Offices, stating that different types of information were stolen in different states. “The personal information potentially involved for Maine residents includes names, addresses, phone numbers, Social Security numbers, Taxpayer Identification Numbers, financial account information without security or access codes, and dates of birth,” it said in its Maine filing.
Now, BleepingComputer says the company confirmed more than 670,000 victims.