Ingram Micro data breach exposes personal information of 42,000 individuals

Ingram Micro, a major global technology distributor, has disclosed a ransomware attack that resulted in the exposure of personal data belonging to approximately 42,000 individuals. The incident involved the unauthorized access and exfiltration of sensitive information, including names, birth dates, Social Security numbers, and employment details, according to a recent report by Security Affairs.

The cybersecurity incident was detected on July 3, 2025, prompting Ingram Micro to launch an investigation with the assistance of cybersecurity experts. The company took immediate steps to contain the breach by temporarily disabling some systems. The unauthorized party gained access to internal file repositories between July 2 and July 3, 2025, stealing files containing personal information. Affected data includes employment and applicant records. While Ingram Micro did not identify the attackers, the Safepay ransomware group claimed responsibility, alleging the theft of 3.5 terabytes of data and subsequently publishing it.

Ingram Micro is offering two years of free credit monitoring and identity protection services to those impacted, underscoring the potential for identity theft and financial fraud following such breaches.

Source: Security Affairs