Dark Web News Analysis
Dark web news sources report a confirmed ransomware attack on Ingram Micro, one of the world’s largest technology distributors. The company has revealed that an attack on its systems in July 2025 resulted in a data breach affecting over 42,000 individuals.
The breach, which triggered a massive outage forcing employees to work from home, has been claimed by the SafePay ransomware gang. The attackers allege they stole 3.5TB of documents before encrypting the systems. The compromised data files are highly sensitive, containing Employment and Job Applicant Records, including Full Names, Contact Info, Dates of Birth, Social Security Numbers (SSNs), Driver’s Licenses, Passport Numbers, and Employment Evaluations.
Key Cybersecurity Insights
Because Ingram Micro is a $48 billion B2B giant, a breach there has ripples throughout the global technology supply chain:
- The “SafePay” Surge: This incident highlights the rapid rise of SafePay, a group that has aggressively filled the void left by defunct gangs like LockBit and BlackCat. Their success against a target of Ingram Micro’s size validates their capabilities and likely signals an increase in high-value targeting by this group in 2026.
- HR Data Toxicity: The specific theft of Employment Evaluations alongside SSNs is particularly damaging. While SSNs lead to financial fraud, internal evaluations can be used for Extortion or Workplace Harassment, with attackers threatening to leak sensitive performance reviews or disciplinary records unless individual victims pay up.
- Supply Chain Disruption: Although the confirmed data loss is focused on people (42k victims), the operational impact (outage) demonstrates the fragility of the tech supply chain. When a distributor like Ingram Micro goes down, thousands of downstream resellers face delays, highlighting the need for resilience in B2B logistics.
- Double Extortion: SafePay utilizes Double Extortion tactics. Even if Ingram Micro restored from backups to fix the outage, the threat of publication of the 3.5TB of stolen data remains, and that data likely contains B2B contracts and partner pricing lists in addition to the employee PII.
Mitigation Strategies
To protect affected employees and the wider supply chain, the following strategies are recommended:
- Identity Lockdown: All 42,000 affected individuals must immediately freeze their credit reports with the major bureaus (Equifax, Experian, TransUnion) due to the exposure of SSNs.
- Passport Replacement: Individuals whose Passport Numbers were exposed should consider reporting them as compromised to their government issuer to prevent travel fraud or identity cloning.
- Vendor Communication: Ingram Micro partners and resellers should be vigilant for Vendor Email Compromise (VEC) attempts. Attackers may use the stolen data to craft fake invoices that appear to come from legitimate Ingram Micro accounts.
- Internal Phishing Awareness: Employees should be warned that scammers may reference their specific “Performance Evaluations” or job history to add credibility to spear-phishing emails.
Questions or Feedback?
For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com