SonicWall announced that unauthorized access to its cloud backup service resulted in the theft of firewall configuration files from all affected customers. The compromised backups, which contained encrypted credentials and configuration data, were accessed through brute-force attacks. While encryption remains intact, SonicWall warned that possession of these files could heighten the risk of targeted cyberattacks.
The breach was first detected in early September 2025, with SonicWall disclosing that about 5% of its firewall installations were impacted. The attacker’s goal appears to be leveraging the stolen files for future malicious activities. The company collaborated with cybersecurity firm Mandiant to investigate the incident and is now working to notify all impacted partners and clients.
In a recent update, SonicWall urged affected users to log in and verify their devices. The company has implemented additional security measures and is enhancing its cloud infrastructure and monitoring systems to prevent similar incidents. This breach underscores the importance of robust security practices in cloud backups and the ongoing threat posed by cybercriminals targeting network configuration data.
