PLANO, Texas— In a breach that has ultimately affected more than 70 credit unions, Marquis Software Solutions has filed a lawsuit against cybersecurity firm SonicWall, alleging that a vulnerability in SonicWall’s cloud backup systems led to a ransomware attack and data breach.
As the CU Daily has been reporting, numerous credit unions have been named as defendants in lawsuits related to the exposure of member data.
The lawsuit, first reported by BleepingComputer and Dark Reading, alleges that a security flaw in SonicWall’s MySonicWall cloud backup infrastructure allowed attackers to access firewall configuration backup files. Marquis contends that the compromised data was later used to infiltrate its systems and deploy ransomware.
API Allegedly Played Role
According to BleepingComputer, Marquis claims SonicWall introduced a vulnerability through an application programming interface (API) code change in February 2025, which allegedly enabled unauthorized access to customer firewall backup data stored in SonicWall’s cloud environment. The attackers allegedly used that information to bypass security controls.
Marquis discovered the ransomware attack in mid-August 2025, according to reporting by TechCrunch, which said the breach prompted notifications to dozens of U.S. banks and credit unions that rely on Marquis for compliance, analytics and marketing services. Security Boulevard reported that the incident exposed data belonging to hundreds of thousands of banking customers.
Additional Allegations
In its complaint, Marquis alleges negligence, misrepresentation and other claims, asserting that it had implemented multi-factor authentication and other security protections but that the intrusion stemmed from SonicWall’s cloud backup systems. The company is seeking monetary damages tied to incident response costs, business disruption and reputational harm, according to BleepingComputer.
SonicWall’s Response
SonicWall said it is reviewing the allegations and intends to defend itself, Dark Reading reported, adding that the company has not publicly acknowledged definitive technical evidence linking its cloud backup environment to the ransomware attack.
