Ingram Micro says ransomware attack affected 42,000 people

Recorded: Jan. 19, 2026, 5:03 p.m.

Original

News

Featured
Latest

StealC hackers hacked as researchers hijack malware control panels

Hackers now exploiting critical Fortinet FortiSIEM flaw in attacks

Malicious GhostPoster browser extensions found with 840,000 installs

Cisco finally fixes AsyncOS zero-day exploited since November

Hacker admits to leaking stolen Supreme Court data on Instagram

Jordanian pleads guilty to selling access to 50 corporate networks

Ingram Micro says ransomware attack affected 42,000 people

Become fluent in up to 14 languages with this Babbel lifetime offer

Tutorials

Latest
Popular

How to access the Dark Web using the Tor Browser

How to enable Kernel-mode Hardware-enforced Stack Protection in Windows 11

How to use the Windows Registry Editor

How to backup and restore the Windows Registry

How to start Windows in Safe Mode

How to remove a Trojan, Virus, Worm, or other Malware

How to show hidden files in Windows 7

How to see hidden files in Windows

Webinars
Downloads

Latest
Most Downloaded

Qualys BrowserCheck

STOPDecrypter

AuroraDecrypter

FilesLockerDecrypter

AdwCleaner

ComboFix

RKill

Junkware Removal Tool

Deals

Categories

eLearning

IT Certification Courses

Gear + Gadgets

Security

VPNs

Popular

Best VPNs

How to change IP address

Access the dark web safely

Best VPN for YouTube

Forums
More

Virus Removal Guides
Startup Database
Uninstall Database
Glossary
Send us a Tip!
Welcome Guide

HomeNewsSecurityIngram Micro says ransomware attack affected 42,000 people

Ingram Micro says ransomware attack affected 42,000 people

By Sergiu Gatlan

January 19, 2026
08:33 AM
0

Information technology giant Ingram Micro has revealed that a ransomware attack on its systems in July 2025 led to a data breach affecting over 42,000 individuals.
Ingram Micro, one of the world's largest business-to-business service providers and technology distributors, has over 23,500 associates, more than 161,000 customers, and reported net sales of $48 billion in 2024.
In data breach notification letters filed with Maine's Attorney General and sent to those affected by the incident, the company said the attackers stole documents containing a wide range of personal information, including Social Security numbers.

"On July 3, 2025, we detected a cybersecurity incident involving some of our internal systems. We quickly launched an investigation into the nature and scope of the issue. Based on our investigation, we determined that an unauthorized third party took certain files from some of our internal file repositories between July 2 and 3, 2025," the IT giant revealed.
"The affected files include employment and job applicant records that contain personal information such as name, contact information, date of birth, government-issued identification numbers (for example, Social Security, driver's license and passport numbers), and certain employment-related information (such as work-related evaluations)."
The July 2025 attack also triggered a massive outage that took down Ingram Micro's internal systems and website, which prompted the company to ask employees to work from home.
While Ingram Micro has yet to link the breach to a specific threat group, it confirmed that the attackers deployed ransomware on its systems after BleepingComputer first reported on July 5 that the SafePay ransomware gang was behind the attack.
The cybercrime group also claimed responsibility three weeks later, adding the tech giant to its dark web leak portal and stating that it had stolen 3.5TB of documents.

Ingram Micro entry on SafePay's leak site (BleepingComputer)
SafePay surfaced in September 2024 as a private operation and has since added hundreds of victims to its leak site. However, the actual number of victims is likely larger, seeing that only those who don't pay are listed.
This ransomware operation is also known for its double-extortion tactics, stealing sensitive documents before encrypting victims' systems and threatening to leak the stolen files online if a ransom is not paid.
Since the start of 2025, SafePay has slowly filled the gap left by LockBit and BlackCat (ALPHV) ransomware, becoming one of the most active ransomware groups.
An Ingram Micro spokesperson has yet to reply after BleepingComputer reached out for more details on the attack and to confirm that SafePay ransomware was behind the breach.

Secrets Security Cheat Sheet: From Sprawl to Control
Whether you're cleaning up old keys or setting guardrails for AI-generated code, this guide helps your team build securely from the start.
Get the cheat sheet and take the guesswork out of secrets management.
Download Now

Related Articles:
Covenant Health says May data breach impacted nearly 478,000 patientsBlack Basta ransomware gang's internal chat logs leak onlineMonroe University says 2024 data breach affects 320,000 peopleVictorian Department of Education says hackers stole students’ dataUniversity of Hawaii Cancer Center hit by ransomware attack

Breach
Data Breach
Ingram Micro
Ransomware
SafePay

Sergiu Gatlan
Sergiu is a news reporter who has covered the latest cybersecurity and technology developments for over a decade. Email or Twitter DMs for tips.

Previous Article
Next Article

Popular Stories

Microsoft: Some Windows PCs fail to shut down after January update

Microsoft: Windows 11 update causes Outlook freezes for POP users

StealC hackers hacked as researchers hijack malware control panels

Sponsor Posts

New webinar: Choose-your-own-investigation walkthrough of modern browser attacks

Discover how to scale IT infrastructure reliably without adding toil or burnout.

Upcoming Webinar

Main Sections

News
Webinars
VPN Buyer Guides
SysAdmin Software Guides
Downloads
Virus Removal Guides
Tutorials
Startup Database
Uninstall Database
Glossary

Community

Forums
Forum Rules
Chat

Useful Resources

Welcome Guide
Sitemap

Company

About BleepingComputer
Contact Us
Send us a Tip!
Advertising
Write for BleepingComputer
Social & Feeds
Changelog

Username

Password

Remember Me

Not a member yet? Register Now

Reporter

Help us understand the problem. What is going on with this comment?

Spam

Abusive or Harmful

Inappropriate content

Strong language

Other

Read our posting guidelinese to learn what content is prohibited.

Submitting...
SUBMIT

Ingram Micro, a global leader in business-to-business technology distribution with over 23,500 employees and $48 billion in net sales for 2024, disclosed a significant ransomware attack that occurred in July 2025. The incident compromised the personal data of approximately 42,000 individuals, including employees and job applicants, following unauthorized access to internal systems. The breach, detected on July 3, 2025, involved the theft of documents containing sensitive information such as names, contact details, dates of birth, government-issued identification numbers (e.g., Social Security, driver’s licenses, and passport details), and employment-related records. The attack also triggered a widespread system outage, forcing the company to shut down its internal networks and website, requiring staff to work remotely. While Ingram Micro has not explicitly linked the breach to a specific threat group, it confirmed that ransomware was deployed on its systems. The SafePay ransomware gang, which emerged as a private operation in September 2024, later claimed responsibility for the attack. According to BleepingComputer, SafePay asserted that it had exfiltrated 3.5 terabytes of data and added Ingram Micro to its dark web leak portal, a common tactic in its double-extortion model. This approach involves encrypting victims’ systems while simultaneously stealing sensitive information, which is then threatened to be leaked unless a ransom is paid. SafePay has since become one of the most active ransomware groups, filling the void left by previously prominent entities like LockBit and BlackCat (ALPHV) since early 2025. The company’s notification letters to affected individuals, filed with Maine’s Attorney General, emphasized the scope of the breach but did not provide further details on the attack’s technical specifics or mitigation measures. An Ingram Micro spokesperson has yet to comment publicly on the incident, despite inquiries from cybersecurity outlets. The breach underscores the growing threat of ransomware attacks targeting large enterprises, particularly those with extensive data repositories and critical infrastructure. SafePay’s operations highlight a shift in cybercrime strategies, where the theft of data for extortion purposes has become as significant as the encryption of systems. The incident also raises questions about Ingram Micro’s cybersecurity protocols, given its role as a major technology distributor handling sensitive information for clients and employees. The attack’s timing, occurring during a period of heightened ransomware activity, reflects broader trends in the cybersecurity landscape, where financially motivated groups exploit vulnerabilities in corporate networks to maximize profits. For affected individuals, the breach poses risks of identity theft and financial fraud, necessitating heightened vigilance and potential credit monitoring. The case also serves as a cautionary example for organizations to prioritize robust data protection measures, incident response planning, and collaboration with cybersecurity researchers to mitigate the impact of such attacks. While Ingram Micro has not disclosed whether it paid a ransom, the incident adds to the growing list of high-profile breaches that have exposed the vulnerabilities of even well-established corporations. The involvement of SafePay, which has cultivated a reputation for its aggressive tactics and expanding victim list, further illustrates the evolving nature of ransomware as a service, where cybercriminals operate with relative anonymity and operational sophistication. The breach also highlights the challenges faced by organizations in detecting and responding to sophisticated cyber threats, particularly those that leverage supply chain vulnerabilities or exploit outdated systems. As ransomware groups continue to adapt their methods, the incident serves as a reminder of the critical importance of proactive cybersecurity measures, employee training, and real-time threat intelligence in safeguarding sensitive data. For the broader technology sector, the attack underscores the need for enhanced collaboration between private enterprises and regulatory bodies to establish stricter security standards and improve incident transparency. The case of Ingram Micro, a company deeply embedded in global IT supply chains, also raises concerns about the potential ripple effects of such breaches on its clients and partners, who may face indirect risks from compromised data. Ultimately, the incident highlights the persistent threat of ransomware in an increasingly digital world, where the stakes for both organizations and individuals continue to rise. The response from Ingram Micro, including its communication with affected parties and efforts to address the breach, will likely set a precedent for how similar incidents are managed in the future. As SafePay’s activities demonstrate, the battle against ransomware requires not only technical defenses but also international cooperation, legal frameworks, and a commitment to transparency to hold cybercriminals accountable. For cybersecurity professionals, the case provides valuable insights into the tactics of modern ransomware groups and the importance of continuous monitoring and adaptive security strategies to counter emerging threats.