Wire Blog - Europe's Secure Collaboration Platform

When Trust Becomes a Threat: The SonicWall Breach and the Case for Zero Trust Security

Written by Sascha Hasse | 10.10.2025

A recent security incident has raised serious concerns across the IT industry. Firewall vendor SonicWall confirmed that all cloud backups of its customers’ firewalls were stolen in a large-scale breach. What was initially described as a limited issue has now turned into a data leak affecting every organization that used SonicWall’s cloud backup service.

In mid-September, SonicWall reported that attackers had gained access to its cloud infrastructure and copied configuration backups from customer firewalls. At first, the company said only around five percent of backups were affected. This estimate has since been corrected: 100 percent of backups were compromised, as reported by Heise Online.

The breach affects all customers who had enabled SonicWall’s optional cloud backup feature. These backups contained sensitive configuration data such as network rules, VPN setups, credentials, and certificates. In the wrong hands, such information provides valuable insight into internal networks and could help attackers plan targeted intrusions.

SonicWall, together with incident response specialists Mandiant (a Google subsidiary), has advised customers to take immediate action. The company published a detailed remediation playbook describing how administrators should inspect devices, change credentials, recreate backups, and secure their most critical systems. For many organizations, following this process will require at least several days of dedicated work.

Early reports suggest that ransomware groups such as Akira are already attempting to use the stolen data in ongoing campaigns. The implications go beyond a single vendor. Firewalls are central to the security of many organizations, and a compromise at this level exposes how dependent many environments have become on vendor-operated cloud services.

From Cloud Convenience to Zero Trust Design

This incident highlights a broader issue in modern cybersecurity: too much reliance on centralized trust. Even products designed for protection can become risks if their core data is stored or managed in a way that customers cannot fully control.

At the same time, the concept of cloud-based backups is not inherently flawed. Backups are a critical part of any security strategy and directly support one of the key goals of cybersecurity: availability. The ability to quickly restore configurations after an outage or hardware failure is essential to keeping organizations operational.

In this case the balance tilted toward convenience. The backup data was not encrypted end-to-end, and the encryption keys were not held by the customers themselves. If those configurations had been encrypted at rest with customer-managed keys, the damage from this breach would likely have been more limited. Achieving that level of control requires additional effort in architecture and key management, but it is the sustainable way to align convenience with resilience.

The Zero Trust approach aims to create this balance. Its main principle, “never trust, always verify”, means that no user, device, or provider should be trusted automatically. Security should be enforced locally and cryptographically, so that even if a supplier or infrastructure provider is compromised, customer data remains protected. In practice, this rests on three elements:

  • End-to-end encryption with customer-controlled keys.
  • Self-hosted or sovereign deployment options that allow organizations to manage their own data.
  • Transparent, verifiable open-source components that can be independently reviewed.
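What "encrypted at rest with customer-managed keys" means for a configuration backup, as an added example in Go that is not part of the original post and not SonicWall or Wire code: the firewall configuration is sealed with AES-GCM under a key that stays with the customer, so the vendor's cloud store, and anyone who copies it, holds only ciphertext, and the device ID is bound as associated data so a stolen blob cannot be restored as another appliance's configuration. The key, device ID and configuration line are constructed demo values.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// newAEAD wraps the customer-managed key (kept in the customer's own KMS or HSM, never uploaded) in AES-GCM.
func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // accepts 16/24/32-byte keys; 32 gives AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts a firewall configuration client-side; nonce||ciphertext||tag is all the vendor's cloud store holds.
func Seal(key []byte, deviceID string, config []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, config, []byte(deviceID)), nil
}

// Open restores a backup; a wrong key, a modified blob or a changed device ID (bound as associated data) all fail.
func Open(key []byte, deviceID string, blob []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	if n := aead.NonceSize(); len(blob) >= n+aead.Overhead() {
		return aead.Open(nil, blob[:n], blob[n:], []byte(deviceID))
	}
	return nil, errors.New("backup blob too short")
}

func main() {
	key := []byte("0123456789abcdef0123456789abcdef") // 32-byte demo key; a real one lives in the customer's KMS/HSM
	blob, _ := Seal(key, "fw-edge-01", []byte("vpn ike psk=constructed-demo-psk")) // constructed config line
	_, err := Open(make([]byte, 32), "fw-edge-01", blob) // a thief holding only the stolen blob
	fmt.Printf("stolen blob: %x\nrestore without customer key: %v\n", blob, err)
}
```

With this layout a breach of the backup store yields only random-looking bytes; the remaining risk moves to the customer's own key management, which is exactly the control the post argues customers should keep.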

The SonicWall breach shows the challenges that arise when these principles are not applied. Cloud convenience can improve availability but also creates central points of failure that become attractive targets for attackers.

For European organizations, this connects directly to digital sovereignty. Frameworks such as NIS2 and GDPR require not only encryption but also demonstrable control over data storage, access, and cryptographic keys. True sovereignty means understanding where data resides and ensuring that no external provider can access it by design rather than by policy.

Conclusion

At Wire, this philosophy has guided our approach from the beginning. As a European, sovereign collaboration platform with true end-to-end encryption, Wire ensures that organizations retain full control over their communication and data. Security should not rely on promises or the infrastructure of any provider — it should be built into the architecture itself.

The SonicWall incident is a reminder that even well-intentioned features can introduce new risks if implemented without sufficient control. Balancing availability, confidentiality, and integrity requires thoughtful design — one that keeps data secure, even when the systems around it fail.