- Ingram Micro suffered a ransomware attack in July 2025 that affected 42,521 people
- The stolen data included personal identifiers and employment records, which vary by individual.
- SafePay claims responsibility, alleging theft of 3.5 TB; ransom demand probably millions
IT giant Ingram Micro has revealed that it suffered a ransomware attack in which it lost sensitive data of tens of thousands of people.
In a new report filed with the Maine Attorney General’s Office, as well as in data breach notification letters sent to affected individuals, Ingram Micro said it detected a cyber intrusion in July 2025 and launched an investigation:
“On July 3, 2025, we detected a cybersecurity incident involving some of our internal systems. We quickly initiated an investigation into the nature and scope of the issue. Based on our investigation, we determined that an unauthorized third party took certain files from some of our internal file repositories between July 2 and 3, 2025,” the letter reads.
Thousands of victims
“Affected files include employment and job applicant records that contain personal information such as name, contact information, date of birth, government-issued identification numbers (for example, Social Security, driver’s license, and passport numbers), and certain employment-related information (such as job-related assessments).”
In the filing, Ingram Micro said that exactly 42,521 people were affected and that the data stolen varies from person to person.
To address the breach, the company did what most companies do: it launched an investigation with the help of a third-party security company, notified law enforcement and relevant authorities, alerted affected individuals, and offered free credit monitoring and identity theft protection services for two years.
While the company did not say who the threat actors were, beepcomputer discovered that SafePay claimed responsibility a few weeks after the attack. On its dark web leak portal, the group said it stole 3.5 TB of sensitive documents from Ingram Micro. We were unable to independently verify these claims and do not know how much money SafePay demanded in exchange for deleting the stolen data.
Given that Ingram Micro is a B2B giant with over 160,000 customers, it’s safe to assume that demand may have reached the millions.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
