Monday, January 19, 2026
Latest:

Threatshub.org sponsored-Post

The Register

Ingram Micro admits summer ransomware raid exposed thousands of staff records

TH Author

Ingram Micro disclosed that a July 2025 ransomware attack compromised the personal data of tens of thousands of employees.

The distributor’s filing with the attorney general’s office in Maine confirmed the total number of affected people as 42,521. A letter is being sent to each explaining that employee and job applicant records were affected.

The letter also confirmed the attack took place on July 2, and that Ingram Micro detected it a day later, before shutting its systems down.

Basic personal information such as names, contact information, and dates of birth were exposed, as were identity document numbers such as those for passports, driver’s licences, and Social Security numbers.

Employment-related information was also among the compromised data types, including work-related evaluations, the letter said.

“Promptly upon detecting the issue, we began taking steps to contain and remediate the unauthorized activity, including proactively taking certain systems offline and implementing other mitigation measures. We also initiated an investigation with the assistance of leading cybersecurity experts and notified law enforcement.”

As The Register reported at the time, ransomware group SafePay claimed responsibility for the attack, allegedly stealing 3.5 TB worth of Ingram’s files.

After shutting down systems, our MSP sources said they were unable to manage their customers’ services, while other insiders said staff in some regional offices were sent home.

Ingram Micro did not answer our specific requests for comment at the time, but issued a statement confirming ransomware was involved.

While Ingram partially resumed orders within days of the intrusion, limiting operational disruption compared to contemporaneous attacks on M&S and JLR, the impact remained significant. With daily revenues of approximately $190 million, even brief disruptions carried substantial financial costs.

Customers criticized Ingram’s communication during the incident, with some unable to find the distributor’s attack updates until The Register directed them to the information.

“The lack of communication is poor,” one customer told us. “I get they might not want to reveal all, but some communication and reassurance would be appreciated.”

SafePay set a July 31 deadline for Ingram to pay an undisclosed ransom. The deadline passed, and the group claimed to have published the company’s data, but the download link does not work.

The Register has asked Ingram Micro for more information. ®

READ MORE HERE