Pierluigi Paganini
January 19, 2026
Ingram Micro is a global technology distributor and supply-chain services company. It acts as a middleman between IT vendors (like Microsoft, Cisco, HP, Apple, and cybersecurity firms) and businesses, resellers, and service providers, helping them buy, sell, and deploy technology products and services worldwide.
The company detected a cyber incident on July 3, 2025 and launched an investigation with the help of cybersecurity experts. The company quickly contained the breach, in response to the incident took some systems offline to contain the threat. Ingram announced that it has applied security measures and notified law enforcement.
“On July 3, 2025, we detected a cybersecurity incident involving some of our internal systems. We quickly launched an investigation into the nature and scope of the issue. Based on our investigation, we determined that an unauthorized third party took certain files from some of our internal file repositories between July 2 and 3, 2025.” reads the data breach notification shared with Maine Attorney General’s Office. “We worked diligently to review the affected files to understand their contents. Through this review, we recently learned that some of the affected files include personal information about you.”
Ingram Micro announced it suffered a ransomware attack and found that an unauthorized party stole files from internal systems, some containing personal data.
Ingram Micro restored the affected systems within about a week and fully resumed global operations by July 9.
The exposed files include employment and job applicant records that contain personal information such as name, contact information, date of birth, government-issued identification numbers (for example, Social Security, driver’s license and passport numbers), and certain employment-related information (such as work-related evaluations). According to the data breach notification, the types of affected personal information vary by impacted individual.
The company is offering affected individuals two years of free credit monitoring and identity protection services.
Ingram Micro did not name the cybercrime group behind the security breach, but the Safepay ransomware group claimed the attack.
The group added the company to its Tor leak site and claimed the theft of 3.5 TB of sensitive data, and later published it, suggesting a failed negotiation.
At the time of this writing the download link doesn’t work.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, ransomware)
