Ingram Micro Confirms 42,521 Affected in July Ransomware Breach

Overview

• The company says attackers removed files from internal repositories on July 2–3, 2025, prompting it to take systems offline after detecting the incident on July 3.
• Compromised data includes names, contact details, dates of birth, government ID numbers such as Social Security, driver’s license and passport numbers, and employment evaluations for employees and job applicants.
• Ingram Micro reports it engaged external cybersecurity experts, implemented containment measures, notified law enforcement, and has begun notifying affected individuals.
• Security Affairs reports the company is offering two years of free credit monitoring and identity protection to those impacted.
• The SafePay ransomware group has claimed responsibility and said it stole about 3.5 TB of data and listed the company on its leak site, though the reported download link does not work.