Marquis Ransomware Attack Spurs Litigation Against SonicWall, Class Actions

A ransomware attack on Marquis, a Texas-based fintech serving over 700 U.S. financial institutions, has prompted significant litigation and raised broad enterprise risk and vendor management concerns.

Sergiu Gatlan wrote about the Marquis ransomware attack for BleepingComputer. The company notified the affected individuals about the breach in March 2026, even though it filed notifications with the US Attorney General offices as far back as December 2025.

Marquis provides digital marketing, data analytics, compliance, and customer relationship management services to banks, credit unions, and mortgage lenders.

The ransomware attack took place in August 2025, compromising the personal and financial data of 672,075 individuals and disrupting operations at 74 banks. Threat actors breached Marquis’ network on August 14, 2025, by exploiting a SonicWall firewall.

Stolen data included names, dates of birth, addresses, phone numbers, Social Security numbers, Taxpayer Identification Numbers, and financial account information. Marquis stated the breach was confined to its own systems.

A Mandiant investigation linked the attack to a state-sponsored hacking group. SonicWall separately disclosed the underlying vulnerability in September 2025, acknowledging that approximately 5% of its firewall customers using cloud backup services were affected.

In February 2026, Marquis filed suit against SonicWall in Texas, alleging gross negligence and misrepresentation. Marquis is simultaneously defending more than 36 consumer class action lawsuits arising from the breach. Marquis seeks damages, indemnification, contribution toward class action judgments, attorneys’ fees, and equitable relief.

This matter underscores the critical importance of robust third-party vendor due diligence and contractual risk allocation, particularly indemnification and contribution provisions, when clients rely on shared technology infrastructure.

Lawyers advising financial institutions should reassess SaaS and cybersecurity vendor agreements for breach notification obligations and liability caps. The 36-plus parallel class actions signal aggressive plaintiff-side coordination in data breach litigation.

Enterprise risk management should account for cascading liability exposure when a single vendor serves hundreds of regulated institutions.