Global IT products and services distributor Ingram Micro has confirmed that the personal information of approximately 42,000 individuals was compromised following a ransomware attack earlier this year.
The cyberattack occurred on July 3, 2025, forcing the company to proactively shut down several internal systems to contain the breach. This response led to widespread service disruptions across multiple regions, impacting Ingram Micro’s global operations. The company stated that affected systems were gradually restored, with full operational recovery achieved by July 9, 2025.
According to breach notification letters sent to impacted individuals, threat actors gained unauthorized access to internal file repositories containing employee and job applicant records between July 2 and July 3, 2025.
The exposed data includes highly sensitive personal information such as full names, dates of birth, Social Security numbers, passport details, driver’s license numbers, other government-issued identification, and employment-related records. Ingram Micro disclosed the incident to the Maine Attorney General’s Office, confirming that 42,521 individuals were affected.
As part of its remediation efforts, Ingram Micro is offering 24 months of complimentary credit monitoring and identity protection services to those potentially impacted by the breach.
While the company has not officially identified the ransomware group responsible, the Safepay ransomware gang claimed responsibility in July by listing Ingram Micro on its Tor-based leak site, alleging the theft of 3.5 terabytes of data. In early August, Safepay reportedly released the stolen data publicly—an action that typically indicates ransom negotiations were unsuccessful or a ransom was not paid.
The incident highlights the continued risk ransomware poses to large enterprises and underscores the importance of securing sensitive internal data, particularly employee and applicant information, which is increasingly targeted by cybercriminal groups.
