Ingram Micro Suffers Data Breach Due to Ransomware Attack

Information technology giant Ingram Micro has confirmed a data breach affecting more than 42,000 people, the result of a ransomware attack detected in July 2025. The company, a global B2B service provider and technology distributor with net sales of $48 billion in 2024, launched an investigation after detecting a cybersecurity incident in its internal systems.

Incident Details and Compromised Data

The attack, which took place between July 2 and 3, 2025, allowed an unauthorized third party to steal files from Ingram Micro’s internal repositories. The compromised files included employee and job applicant records with a wide range of personal information, such as:

  • Name
  • Contact information
  • Date of birth
  • Government-issued identification numbers (for example, Social Security, driver’s license, and passport numbers)
  • Certain employment-related information (such as performance reviews)

In addition to the data breach, the attack caused a massive outage that affected Ingram Micro’s internal systems and website, leading the company to ask its employees to work remotely.

SafePay Ransomware Gang Identified

Although Ingram Micro has not officially linked the breach to a specific group, initial information from BleepingComputer and a subsequent claim confirmed that the SafePay ransomware gang was responsible for the attack. Three weeks after the incident, SafePay added Ingram Micro to its dark web breach portal, claiming to have stolen 3.5TB of documents.

SafePay, which emerged in September 2024 as a private operation, is known for its double extortion tactics: stealing sensitive documents before encrypting victims’ systems and threatening to leak the files online if a ransom is not paid. SafePay’s activity has grown since early 2025, filling the void left by groups like LockBit and BlackCat (ALPHV) and making it one of the most active ransomware operations today.

Conclusions

This incident underscores the persistent and evolving threat of ransomware and double extortion tactics employed by groups like SafePay. Exposure of sensitive personal data and operational disruptions represent significant challenges for organizations, highlighting the critical need to strengthen cybersecurity defenses and have robust incident response plans. SafePay’s activity demonstrates the adaptability of threat actors and the importance of threat intelligence to understand and mitigate these risks.

References

  • BleepingComputer: [Reference to BleepingComputer for its initial report and Ingram Micro’s post on the SafePay leak site]