Ingram Micro ransomware attack impacted over 42,000 people

Global IT distributor Ingram Micro announced it had been affected by a ransomware attack on its internal systems in July 2025 resulting in a data breach that included over 42,000 individuals’ personal identifiable information. The incident exposed sensitive information about employees and job applicants who submitted applications.

Letters sent to the Maine Attorney General describing the breach include the fact that the attackers were able to gain unauthorized access to the internal file repository of Ingram Micro and download files containing sensitive information. The information that was compromised includes names, email addresses, telephone numbers, birth dates and government issued identifiers (driver’s licenses, social security numbers, etc.) associated with the individuals whose information was breached. Ingram Micro reported it became aware of the cybersecurity event on July 3, 2025; and took immediate action to investigate the incident. The results of the investigation showed that the unauthorized access to the systems occurred on July 2 and 3, 2025; and that the breach resulted in a major outage of internal systems and the website for Ingram Micro causing employees to have to work from home while the issue was resolved. Although Ingram Micro has not made a formal announcement attributing the breach to a particular threat actor, there are preliminary reports indicating that the breach may have been carried out by the SafePay ransomware gang. The gang reportedly listed Ingram Micro on their dark web leak site; and claimed they stole approximately 3.5 Terabytes of data.

The SafePay ransomware gang emerged in September 2024 and has quickly become one of the most prolific ransomware gangs currently operating after several other well-known groups including Lockbit and BlackCat (also referred to as ALPHV) began to decline. The SafePay gang is known for carrying out double extortion attacks which involves first stealing sensitive data from the targeted organization then encrypting the systems and threatening to publicly disclose the stolen data unless a ransom payment is made.

This breach demonstrates the continued vulnerability of even the largest tech organizations to ransomware breaches. In addition to exposing employees and customers to long term risks through large scale data thefts, this breach further emphasizes the importance of developing stronger data protection and incident response procedures.