INTERNET, IT & E-DISCOVERY BLOG: Ransomware attack leads to Marquis suing SonicWall for exposure of 780,000 people’s data!
DarkReading.com reported that “A large fintech company is pinning the blame for its recent data breach on its firewall vendor and suing the vendor for damages. It’s a line that some organizations have toed in recent years, and it carries significant implications for the cybersecurity industry.” The February 28, 2026 article entitled “Marquis v. SonicWall Lawsuit Ups the Breach Blame Game” (https://www.darkreading.com/cloud-security/marquis-sonicwall-lawsuit-breach-blame-game) included these comments:
The plaintiff, Marquis, provides marketing and compliance solutions to more than 700 banks and credit unions, according to its website. On Aug. 14, a ransomware actor gained access to Marquis’s IT network and client data, including personally identifying information (PII) belonging to customers of some of its clients. Recent news reports have suggested that more than 780,000 people were impacted, though Dark Reading could not independently confirm that figure.
For a while, Marquis wasn’t aware of how hackers were able to get into its systems. Meanwhile, on Sept. 17, its firewall vendor, SonicWall, revealed that it had fallen victim to its own breach. Attackers gained access to SonicWall’s cloud backup service and stole customers’ firewall configuration files, which would have made for easy follow-on attacks against those customers. At the time, the security company claimed that only 5% of its customers were affected. On Oct. 8, though, it admitted that, in fact, all of its customers were impacted.
And Marquis took that personally. In a complaint filed with the US District Court for the Eastern District of Texas on Feb. 23, the company laid the blame for its attack on SonicWall and is now seeking damages.
In response to an inquiry from Dark Reading, Marquis shared a press release claiming that “Not only did SonicWall fail to disclose its compromise promptly, but the company assured Marquis that its firewall protection was not affected for a period of several weeks,” and “because SonicWall failed to timely disclose the full scope and severity of its breach, Marquis was prevented from mitigating the harm that resulted from the SonicWall breach.”
Meanwhile, a SonicWall spokesperson told Dark Reading that “At this time, we have not identified any technical evidence establishing a link between these events. Unfortunately, the customer filed a lawsuit without providing documentation to substantiate its allegations in advance. We are reviewing these claims now and are prepared to vigorously defend any unsubstantiated claims.”
Details aside, the lawsuit raises an important question: Who should bear the blame for a third-party data breach?
What do you think?
First published at https://www.vogelitlaw.com/blog/ransomware-attack-leads-to-marquis-suing-sonicwall-for-exposure-of-780000-peoples-data