Ingram Micro admits summer ransomware raid exposed thousands of staff records

Ingram Micro disclosed that a July 2025 ransomware attack compromised the personal data of tens of thousands of employees. The distributor’s filing with the attorney general’s office in Maine confirmed the total number of affected people as 42,521. A letter is being sent to each explaining that employee and job applicant records were affected. The letter also confirmed the attack took place on July 2, and that Ingram Micro detected it a day later, before shutting its systems down.

Basic personal information, such as names, contact information, and dates of birth, was exposed, as were identity document numbers, including passport, driver’s licence, and Social Security numbers. Employment-related information was also among the compromised data types, including work-related evaluations, the letter said. Ingram Micro stated, “Promptly upon detecting the issue, we began taking steps to contain and remediate the unauthorized activity, including proactively taking certain systems offline and implementing other mitigation measures. We also initiated an investigation with the assistance of leading cybersecurity experts and notified law enforcement.”

As The Register reported at the time, ransomware group SafePay claimed responsibility for the attack, allegedly stealing 3.5 TB worth of Ingram’s files. After Ingram shut down its systems, MSP sources said they were unable to manage their customers’ services, while other insiders said staff in some regional offices were sent home. While Ingram partially resumed orders within days of the intrusion, limiting operational disruption compared to contemporaneous attacks on M&S and JLR, the impact remained significant. With daily revenues of approximately $190 million, even brief disruptions carried substantial financial costs.

SafePay set a July 31 deadline for Ingram to pay an undisclosed ransom. The deadline passed, and the group claimed to have published the company’s data, but the download link does not work. Customers criticized Ingram’s communication during the incident, with some unable to find the distributor’s attack updates until The Register directed them to the information. One customer stated, “The lack of communication is poor. I get they might not want to reveal all, but some communication and reassurance would be appreciated.”

To read the complete article, see The Register.

This post is licensed under CC BY 4.0 by the author.