On February 23, 2026, Marquis Software Solutions, a Texas-based fintech company that serves banks and credit unions, filed a lawsuit against SonicWall in the U.S. District Court for the Eastern District of Texas (Case No. 426-cv-00195). According to the complaint, SonicWall's disastrous cloud backup breach in 2025 exposed Marquis's firewall configurations, which made possible a ransomware attack on August 14, 2025. Attackers used stolen information, such as unencrypted MFA scratch codes and login credentials from SonicWall's MySonicWall service, to get past defenses even with MFA and updated firewalls.

Details of the SonicWall Breach

Through an API code change in February 2025, SonicWall exposed a vulnerability that would let threat actors access all cloud-stored firewall backups using predictable serial numbers, without authentication.

After the flaw was discovered in September 2025, SonicWall first stated that less than 5% of users were impacted, but Mandiant's investigation revealed that all MySonicWall users were impacted. The exposed files, which included firewall rules, VPN configurations, MFA bypass codes, and AES-256 encrypted credentials, increased the risk of targeted attacks. Attackers encrypted Marquis's network and stole PII (names, SSNs, and financial information) belonging to more than 400,000 people across more than 700 financial clients.

In addition to paying for remediation, notifications, and credit monitoring, Marquis is currently defending more than 36 class actions and a trade secrets lawsuit. Clients terminated contracts, damaging revenue and reputation; one trade association even withdrew its sponsorship.

Related Risks

Although no CVE is specifically linked to the API flaw, related SonicWall flaws made exploitation easier.

| CVE ID | Description | Affected Products | CVSS Score | Patch Status |
|---|---|---|---|---|
| CVE-2024-40766 | Inadequate access control in SSL VPN (Gen6-to-Gen7 migration) allows unauthorized resource access. | SonicWall firewalls (Gen7) | 9.3 (Critical) | Patched; reset legacy accounts. |
| CVE-2024-53704 | SSL VPN swap cookie/session ID vulnerability allows session hijacking. | SonicWall SSL VPN | Not specified | Patched |

Citing SonicWall's failure to encrypt data, to detect the intrusion for months, and to disclose promptly, Marquis is requesting damages for negligence, gross negligence, unjust enrichment, misrepresentation, contribution, and indemnity. The claimed losses include investigation costs, lost revenue, legal action, and a decline in the company's value. SonicWall disregarded early questions and later confirmed PSIRT-aligned attack patterns.

This case highlights supply chain risks and the need for vendors like SonicWall to encrypt backups, closely monitor APIs, and quickly report breaches.
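As an added example (not from the complaint, SonicWall, or Mandiant), the following shows one way API monitoring could surface the pattern described above: a caller fetching backups for serial numbers it does not own. The log fields, account names, serial numbers, and threshold are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample records for a hypothetical backup-download API.
# Assumed fields: (client_ip, authenticated_account or None, serial, http_status)
SAMPLE_LOG = (
    # One unauthenticated client walking consecutive serial numbers.
    [("203.0.113.7", None, f"SN{n:05d}", 200) for n in range(100, 106)]
    + [
        ("198.51.100.20", "acct-a", "SN00042", 200),  # owner fetching own backup
        ("198.51.100.31", "acct-b", "SN00043", 403),  # one mistyped serial, denied
    ]
)

# Hypothetical registration data: serial numbers each account owns.
OWNED = {"acct-a": {"SN00042"}, "acct-b": {"SN00077"}}


def analyze(records, owned, probe_threshold=5):
    """Return (unauthorized_reads, enumerators).

    unauthorized_reads: successful downloads by a caller that does not own
        the serial; any entry means the authorization check is failing.
    enumerators: client IPs that requested at least probe_threshold distinct
        serials they do not own, whether or not the requests succeeded.
    """
    unauthorized_reads = []
    probes = defaultdict(set)
    for ip, account, serial, status in records:
        if account is not None and serial in owned.get(account, set()):
            continue  # legitimate owner access
        probes[ip].add(serial)
        if status == 200:
            unauthorized_reads.append((ip, account, serial))
    enumerators = {ip: len(s) for ip, s in probes.items() if len(s) >= probe_threshold}
    return unauthorized_reads, enumerators


if __name__ == "__main__":
    reads, enumerators = analyze(SAMPLE_LOG, OWNED)
    print(f"unauthorized successful downloads: {len(reads)}")
    for ip, count in enumerators.items():
        print(f"possible enumeration: {ip} requested {count} foreign serials")
```

A single entry in the first result is already an incident, since it means a backup left the service without an ownership check; the second result catches probing even when every request is denied.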

Financial firms face cascading exposure of personally identifiable information; experts recommend zero-trust segmentation, offline backups, and credential resets. With ransomware enabled by configuration theft growing more prevalent, Marquis's lawsuit may encourage vendor accountability.
