Ingram Micro Ransomware Attack Impacts 42,000 People
▼ Summary
– Ingram Micro suffered a ransomware attack in July 2025, leading to a data breach affecting over 42,000 individuals.
– The stolen files contained highly sensitive personal information, including Social Security numbers, driver’s licenses, and employment records.
– The attack, claimed by the SafePay ransomware gang, caused a major internal systems outage, forcing employees to work from home.
– SafePay is known for double-extortion tactics and has become one of the most active ransomware groups in 2025.
– While SafePay publicly claimed responsibility, Ingram Micro has not officially confirmed the group as the perpetrator.
A major ransomware incident at global technology distributor Ingram Micro compromised the personal data of more than 42,000 people. The breach, which occurred in early July 2025, involved the theft of sensitive employment and applicant records. This event underscores the persistent threat ransomware poses to large enterprises and the vast amounts of personal information they manage.
Ingram Micro, a leading business-to-business service provider, confirmed the attack in data breach notifications filed with authorities. The company stated that an unauthorized party accessed internal file repositories between July 2 and 3, 2025, extracting documents containing a wide array of personal information. The stolen data includes names, contact details, dates of birth, and critical government-issued identification numbers such as Social Security, driver’s license, and passport numbers. Employment-related information, including work evaluations, was also part of the compromised files.
The cyberattack caused significant operational disruption, triggering a massive outage that took down Ingram Micro’s internal systems and public website. This disruption forced the company to instruct its employees to work from home while it addressed the technical issues. Although Ingram Micro’s initial notifications did not attribute the attack to a specific group, evidence points to the SafePay ransomware gang. The group claimed responsibility for the breach, listing Ingram Micro on its dark web leak site and boasting it had stolen approximately 3.5 terabytes of documents.
SafePay operates using a double-extortion model, a common and aggressive tactic in modern cybercrime. This involves exfiltrating sensitive data before encrypting the victim’s systems. The attackers then demand a ransom, threatening to publish the stolen information online if their demands are not met. Emerging as a private operation in late 2024, SafePay has rapidly grown its list of victims. The group has become notably more active throughout 2025, positioning itself as a leading threat actor following the decline of other major ransomware operations like LockBit and BlackCat.
The scale of this breach highlights the severe risks associated with centralized data repositories at major corporations. For the individuals affected, the exposure of such detailed personal and identification data creates a substantial and long-term risk of identity theft and fraud. Ingram Micro is offering affected individuals complimentary credit monitoring and identity protection services. As ransomware groups continue to evolve their methods, this incident serves as a stark reminder of the critical need for robust cybersecurity defenses and proactive incident response plans across the technology supply chain.
(Source: Bleeping Computer)
