Ingram Micro has confirmed that a ransomware attack exposed the personal data of more than 42,000 individuals. The IT distributor detected the breach on July 3, 2025, after attackers gained unauthorized access to internal systems and extracted files from company repositories. The company later informed the Maine Attorney General’s Office that 42,521 people were affected, including a small number of Maine residents.
The compromised data includes names, dates of birth, Social Security numbers, passport and driver’s license numbers, and employment-related records tied to current employees and job applicants. Hackers triggered widespread system outages during the incident, forcing Ingram Micro to take parts of its infrastructure offline while teams contained the intrusion and restored services. Operations resumed globally within about a week.
See also: 5 Steps for Effective Cybersecurity Incident Reporting
Ingram Micro discovered the breach on December 26, 2025, after completing a forensic investigation. The company began sending written notifications to affected individuals on January 16, 2026. To reduce the risk of identity theft, Ingram Micro is offering 24 months of free Experian credit monitoring and identity protection services to impacted users.
Although Ingram Micro has not officially named the attackers, the SafePay ransomware group listed the company on its leak site in mid-2025 and claimed to have stolen 3.5 terabytes of data. The public posting suggests the company did not pay a ransom. Security analysts note that SafePay actively uses double-extortion tactics, which involve stealing sensitive data before encrypting systems and threatening public release.
See also: GhostPoster Browser Extensions Hit 840,000 Installs Across Chrome, Firefox, and Edge
For users and enterprises connected to Ingram Micro, this incident reinforces the importance of monitoring credit activity, enabling fraud alerts, and maintaining strong cybersecurity hygiene. The company continues to cooperate with regulators and monitor the situation while providing guidance to affected individuals.
