- Ingram Micro was hit by a ransomware attack in July 2025, which impacted 42,521
- The stolen data involved personal identifiable information as well as employment data, which differed from person to person
- The ransomware attack on SafePay has been claimed by the attackers who stole 3.5 terabytes of
Ingram Micro, one of the world’s biggest information technology companies, admitted to being the victim of a ransomware attack in which it lost data about tens of thousands of individuals.
According to a recent report filed by Ingram Micro with the Maine Attorney General’s Office, as well as data breach notification letters sent out to affected individuals, Ingram Micro stated that it discovered a cyber intrusion in July 2025 and began an investigation:
“On July 3, 2025, we noticed a cyber-security incident affecting certain of our internal systems. We promptly began an investigation into the matter. Based on our findings, we have determined that certain files were taken from certain of our internal file storage repositories by an unauthorized third party between July 2 and 3, 2025,” states the letter.
Thousands of victims
“The files which are impacted include employment and applicant files which contain personal data such as name, contact details, date of birth, government-issued identification numbers (for example, Social Security numbers, driver’s license numbers, and passport numbers), and employment data (for example, employment evaluations).
According to the filing, exactly 42,521 people have been affected, and the data stolen differs from one individual to another, according to Ingram Micro.
In response to the attack, the firm did exactly what most firms do: it launched an investigation in conjunction with a third-party security firm, contacted law enforcement authorities, notified affected individuals, and provided complimentary credit monitoring and identity theft protection for two years.
Though the company did not mention who the attackers were, BleepingComputer managed to identify that the group claiming responsibility for the attack a few weeks after the incident was SafePay. According to their dark web leak website, they stole 3.5TB of documents from Ingram Micro. We could not confirm how much money they demanded in order to delete the stolen information.
Since Ingram Micro is a B2B giant with more than 160,000 customers, it’s safe to assume the demand may have reached the millions.
Leave a Reply