- Ingram Micro suffered a ransomware attack in July 2025 that affected 42,521 people
- Stolen data included personal identifiers and employment records, varying from person to person
- SafePay claims responsibility and claims theft of 3.5 TB; ransom demand probably millions
IT giant Ingram Micro has revealed that it was hit by a ransomware attack in which it lost sensitive data on tens of thousands of people.
In a new report filed with the Maine Attorney General’s Office, as well as data breach notification letters sent out to affected individuals, Ingram Micro said it discovered a cyber breach in July 2025 and launched an investigation:
“On July 3, 2025, we discovered a cybersecurity incident involving some of our internal systems. We quickly initiated an investigation into the nature and extent of the problem. Based on our investigation, we determined that an unauthorized third party took certain files from some of our internal file repositories between July 2 and 3, 2025,” the letter reads.
Thousands of victims
“The affected files include employment and job applicant records that contain personal information such as name, contact information, date of birth, government-issued identification numbers (such as social security, driver’s license and passport numbers) and certain employment-related information (such as work-related evaluations).”
In the filing, Ingram Micro said that exactly 42,521 people were affected and that the data stolen varies from person to person.
To address the breach, the company did what most companies do: launched an investigation with the assistance of a third-party security firm, notified law enforcement and relevant authorities, warned affected individuals, and offered free credit monitoring and identity theft protection for two years.
Although the company did not say who the threat actors were, Bleeping Computer found that SafePay claimed responsibility just weeks after the attack. On its dark web leak portal, the group said it stole 3.5 TB of sensitive documents from Ingram Micro. We could not independently verify these claims, and we do not know how much money SafePay demanded in exchange for deleting the stolen data.
Since Ingram Micro is a B2B giant with more than 160,000 customers, it’s safe to assume that demand may have reached the millions.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
