Fintech company Marquis has told customers it plans to demand compensation from a firewall provider after the company was blamed for a breach that allowed hackers to steal customers’ personal and financial data.

In a memo shared with customers this week and seen by TechCrunch, Marquis said it believes the August 2025 ransomware attack occurred because the company’s firewall service provider SonicWall had its own data breach that exposed critical security information about its customers’ firewalls. That first SonicWall breach allowed hackers to obtain the credentials needed to launch a ransomware attack against Marquis, the memo said.

Marquis said its third-party investigation determined that hackers obtained information about its firewall during the SonicWall breach, which Marquis claims was used to circumvent its firewall. Marquis confirmed in the communication that it has saved a backup of the SonicWall cloud firewall configuration file.

The company is “evaluating its options” regarding its firewall provider, including “recovering any costs incurred by Marquis and its customers in responding to the data incident,” according to the memo.

When reached for comment, Hanna Grimm, a spokeswoman for the agency representing Marquis, did not discuss or dispute the company’s new communication with customers but repeated the claim linking its breach to an earlier theft of its firewall configuration.

“In September 2025, after a data security incident affected our systems, our firewall service provider, an industry-leading cybersecurity company, publicly disclosed that a threat actor earlier in the year gained unauthorized access to the cloud backup service,” the statement said.

“Marquis has recently begun using provider firewalls to help protect our network,” the statement added. “While the provider initially reported that less than 5% of customers were affected, it later clarified in October 2025 that firewall configuration data and credentials related to all customers using the cloud backup service, including Marquis, were accessed.”

When contacted by TechCrunch, SonicWall spokesman Bret Fitzgerald said the company had asked Marquis for evidence to substantiate its claims and said it would continue to engage with its customer.

“We have no new evidence to establish a connection between the SonicWall security incident reported in September 2025 and ongoing global ransomware attacks on firewalls and other edge devices,” Fitzgerald said.

Texas-based Marquis, which allows hundreds of banks and credit unions to visualize their customers’ data, has begun which informed hundreds of thousands of people last month that their information was taken during its ransomware attack.

The company had access to large amounts of data belonging to consumer banking customers across the US, including personal information, financial data, and Social Security numbers, which were stolen by hackers.

SonicWall was accepted in October that an earlier breach of its systems actually affected all of its customers who backed up their files on the SonicWall cloud firewall. It used to be said hackers just stole a chunk of its customers’ firewall configuration files with policies and settings.

In the communication seen by TechCrunch, Marquis said it called a third party to investigate whether a patch that failed to roll out during the breach could have been to blame but concluded that the patch related to an error could not be exploited in a way that would allow hackers to access the company’s data.

A Marquis spokesperson declined to provide a number on how many individuals were affected by its data breach. The number of individuals known to have been affected by the breach is expected to increase as new data breach notifications are submitted to state attorneys general.

Do you know more about the Marquis data breach? Do you work for Marquis or a company affected by the breach? We love hearing from you. To safely contact this reporter, you can be contacted using Signal via the username zackwhittaker.1337