Data know-how big Ingram Micro has revealed {that a} ransomware assault on its methods in July 2025 led to a data breach affecting over 42,000 people.
Ingram Micro, one of many world’s largest business-to-business service suppliers and know-how distributors, has over 23,500 associates, greater than 161,000 clients, and reported internet gross sales of $48 billion in 2024.
In data breach notification letters filed with Maine’s Lawyer Normal and despatched to these affected by the incident, the corporate stated the attackers stole paperwork containing a variety of non-public info, together with Social Safety numbers.
“On July 3, 2025, we detected a cybersecurity incident involving a few of our inner methods. We rapidly launched an investigation into the character and scope of the problem. Based mostly on our investigation, we decided that an unauthorized third occasion took sure recordsdata from a few of our inner file repositories between July 2 and three, 2025,” the IT big revealed.
“The affected recordsdata embrace employment and job applicant data that include private info corresponding to title, contact info, date of start, government-issued identification numbers (for instance, Social Safety, driver’s license and passport numbers), and sure employment-related info (corresponding to work-related evaluations).”
The July 2025 assault additionally triggered a large outage that took down Ingram Micro’s inner methods and web site, which prompted the corporate to ask staff to work at home.
Whereas Ingram Micro has but to hyperlink the breach to a particular menace group, it confirmed that the attackers deployed ransomware on its methods after BleepingComputer first reported on July 5 that the SafePay ransomware gang was behind the assault.
The cybercrime group additionally claimed accountability three weeks later, including the tech big to its darkish internet leak portal and stating that it had stolen 3.5TB of paperwork.
SafePay surfaced in September 2024 as a non-public operation and has since added lots of of victims to its leak website. Nevertheless, the precise variety of victims is probably going bigger, seeing that solely those that do not pay are listed.
This ransomware operation can be recognized for its double-extortion techniques, stealing delicate paperwork earlier than encrypting victims’ methods and threatening to leak the stolen recordsdata on-line if a ransom is just not paid.
Because the begin of 2025, SafePay has slowly stuffed the hole left by LockBit and BlackCat (ALPHV) ransomware, changing into some of the lively ransomware teams.
An Ingram Micro spokesperson has but to answer after BleepingComputer reached out for extra particulars on the assault and to verify that SafePay ransomware was behind the breach.
Whether or not you are cleansing up previous keys or setting guardrails for AI-generated code, this information helps your group construct securely from the beginning.
Get the cheat sheet and take the guesswork out of secrets and techniques administration.
