SonicWall cloud backup customers data exposed after SonicWall breach
Data Leak
Summary
SonicWall confirmed that a state-sponsored threat actor carried out the September 2025 cloud backup breach, using an API call to access firewall configuration backup files from a specific cloud environment. The incident exposed customer backup data tied to the cloud backup service; SonicWall says it affected less than 5% of customers, was unrelated to Akira ransomware, and did not affect products or firmware. SonicWall is using Mandiant findings to harden its environment and is directing customers to MySonicWall.com, the Online Analysis Tool, and the Credentials Reset Tool for remediation checks.
Related Happenings
Sharp rise in brute-force attempts against SonicWall and Fortinet edge devices
Target Trend
First: 15.04.2026 12:30
Last: 15.04.2026 12:30
Sources 1
About this happening:
A **sharp rise** in brute-force attempts against **SonicWall** and **Fortinet** edge devices is increasing risk of perimeter-device compromise across organizations that rely on VP...
Akira group rapid double-extortion ransomware activity
Malware Activity
First: 02.04.2026 16:00
Last: 02.04.2026 16:00
Sources 1
About this happening:
**Akira** ransomware activity now includes **AdaptixC2** abuse in active intrusions, alongside the group’s **under-one-hour** to **under-four-hours** attack cadence. A **Silent Pu...
Marquis data breach exposing 672,075 people's personal and financial information
Data Leak
First: 18.03.2026 17:32
Last: 18.03.2026 17:32
Sources 1
About this happening:
Marquis disclosed a **data breach** that exposed personal and financial records tied to **672,075 people**, increasing the risk of identity theft and account fraud. The stolen inf...
US District Court for the Eastern District of Texas complaint filed seeking damages against SonicWall on vendor-liability exposure over a cyber breach
Regulatory/Legal Action
First: 27.02.2026 00:02
Last: 27.02.2026 00:02
Sources 1
About this happening:
Marquis filed a **federal complaint** in **US District Court for the Eastern District of Texas** against **SonicWall**, seeking **damages** over a **data breach** it says the vend...
Marquis Software Solutions lawsuit against SonicWall over cybersecurity failures
Regulatory/Legal Action
First: 25.02.2026 17:54
Last: 25.02.2026 17:54
Sources 1
About this happening:
Marquis Software Solutions filed a lawsuit against **SonicWall**, alleging **gross negligence** and **misrepresentation** tied to a **ransomware attack** that disrupted operations...
Timeline
06.11.2025 07:40 · 1 article · 6mo ago
SonicWall attributes September cloud backup breach to state-sponsored threat actor
Attribution Update: SonicWall said a state-sponsored threat actor was responsible for the September unauthorized access to cloud backup files from a specific cloud environment using an API call, and said the incident was unrelated to Akira ransomware activity.
Sources:
- SonicWall Confirms State-Sponsored Hackers Behind September Cloud Backup Breach — thehackernews.com — 06.11.2025 07:40
09.10.2025 22:10 · 1 article · 7mo ago
SonicWall confirms all cloud backup customers affected
Victim Impact Update: SonicWall's Oct. 8 investigation update confirmed that an unauthorized party accessed firewall configuration backup files for all customers who used SonicWall's cloud backup service, including encrypted credentials and configuration data that could increase the risk of targeted attacks. SonicWall said no in-the-wild follow-on attacks have been reported and that it is notifying impacted parties and providing remediation guidance.
Sources:
- SonicWall: 100% of Firewall Backups Possibly Breached — www.darkreading.com — 09.10.2025 22:10
08.10.2025 03:00 · 2 articles · 7mo ago
SonicWall releases remediation tools and hardens cloud defenses
Mitigation Patch Update: SonicWall updated its response by releasing tools for device assessment and remediation, assigning priority levels to impacted firewalls in the MySonicWall portal, and adding security hardening and monitoring changes while working with Mandiant to improve its cloud infrastructure.
Sources:
- All SonicWall Cloud Backup Users Have Firewall Configuration Files Stolen — www.infosecurity-magazine.com — 09.10.2025 14:10
- Hackers Access SonicWall Cloud Firewall Backups, Spark Urgent Security Checks — thehackernews.com — 09.10.2025 16:48
17.09.2025 03:00 · 1 article · 8mo ago
SonicWall discloses cloud backup file access
Initial Disclosure: SonicWall disclosed unauthorized access to firewall configuration backup files tied to customers using its cloud backup service, warning that the encrypted credentials and configuration data could increase the risk of targeted attacks and that the disclosed scope covered around 5% of SonicWall’s firewall install base.
Sources:
- All SonicWall Cloud Backup Users Have Firewall Configuration Files Stolen — www.infosecurity-magazine.com — 09.10.2025 14:10