DALLAS—The ransomware attack on Marquis Software Solutions that has affected approximately 75 credit unions and banks stemmed from a breach involving its SonicWall firewall provider, the company said in a statement.
As the CU Daily has been reporting, the breach exposed sensitive member and customer data and has led to several class action lawsuits.
In a statement to customers and partners this week, Marquis spokesperson Ary Gapairisez said a third-party investigation concluded that hackers exploited configuration data stolen during an earlier security incident tied to SonicWall’s MySonicWall cloud service, allowing attackers to circumvent protections and infiltrate Marquis’s network, according to TechCrunch.
Marquis provides data analytics, marketing and compliance software to financial institutions.
‘Circumvent Our Firewall’
“Based on the ongoing third-party investigation, we have determined that the threat actor that attacked Marquis was able to circumvent our firewall by leveraging the configuration data extracted from the service provider’s cloud backup breach,” the company said in the memo.
SonicWall, a maker of network security appliances, had disclosed in late 2025 that unauthorized access to its MySonicWall cloud backup service exposed firewall configuration files for its customers after an earlier breach, TechCrunch reported. It later acknowledged that all customers using the cloud backup service were affected. SonicWall has said it has seen no new evidence formally linking its incident to the Marquis attack, the report added.
The breach has triggered a wave of breach notifications to customers and regulators across multiple states. Early disclosures indicate that more than 400,000 individuals whose data was held by affected institutions have been notified, with some filings and legal investigations suggesting that the eventual total of impacted records could be significantly higher as more notices are filed.
Evaluating Options
Marquis has said it is evaluating its legal and financial options with respect to SonicWall and is offering credit monitoring services to affected individuals. The company did not disclose evidence of misuse of the stolen data. Regulatory and law enforcement inquiries are ongoing. TechCrunch reported.
