A large fintech company is suing its firewall vendor, Marquis v SonicWall, after a data breach blamed on a third-party security vendor. Marquis says its ransomware attack on 14 August compromised its IT network and customer data, including PII for some clients’ customers, with reports suggesting more than 780,000 people were affected though this could not be independently confirmed.
The vendor, SonicWall, disclosed on 17 September that it had been breached, initially claiming only 5% of its customers were affected, but on 8 October admitted that all customers were impacted. Marquis filed a complaint with the US District Court for the Eastern District of Texas on 23 February 2026, seeking damages and arguing that responsibility for third-party breaches can extend to vendors, managed service providers and other suppliers.
“That fundamentally changes the risk calculus for the industry,” according to Erin Jane Illman, a Bradley partner, who notes that vendors are increasingly potential co-defendants. The piece also places the Marquis case in the context of prior lawsuits, including a 2018 Barracuda Networks breach and Zoll Services, and discusses the potential for future liability or arbitration in such vendor-supply relationships.