Update: SonicWall Confirms Breach Exposes All Customer Firewall Configuration Backups

On September 17, 2025, cybersecurity firm SonicWall experienced a major breach exposing firewall configuration backup files. While initial reporting suggested only 5% of accounts had been compromised, SonicWall just announced that all of its users have had their firewall configuration backup files accessed by an unauthorized party.

Reporting suggests that usernames, passwords, private keys, site-to-site VPNs, HTTPS admin, and numerous other elements are either vulnerable or already compromised. Furthermore, the risk of follow-on breaches is dramatically increased, especially if your system and devices relied exclusively on SonicWall for their firewall security. 

Failure to appropriately respond to a data breach could incur significant fines and liability, deceptive trade practice and consumer protection claims, and potential business license suspensions. 

Brown Rudnick’s Cybersecurity and Data Breach Response Team is available to help impacted customers, including implementing a systemwide password change and private key update, performing an audit on data logs, seeking a new firewall provider, disabling external access, implementing an MFA policy, and more. If you experience a follow-on breach or if your customer and client data was exposed in the SonicWall breach, our team of skilled cybersecurity attorneys will assist you in determining your notice, disclosure, and response obligations and work with you in meeting those obligations. 

If you believe your organization has been impacted by SonicWall’s breach, Brown Rudnick’s Cybersecurity and Data Breach Response Team can advise you on next steps. Please contact Matthew Richardson, Morgan Jones, Rodger D. Moss, Jr., or Daniel Healy, or call 1 (800) 281-8763. Our dedicated cyber breach team will respond within 15 minutes, 24/7.