Ingram Micro CEO On Ransomware Attack: ‘Certain Data Was Exfiltrated From Our Systems’

‘This process is ongoing and complex’ says Ingram Micro CEO Paul Bay. ‘Should we determine that personal information was affected, we will provide notification based on relevant regulations.’

Ingram Micro CEO Paul Bay said “certain data was exfiltrated from our systems” during a July ransomware attack which impacted a number of internal systems causing the company to take its ordering systems offline.

In a second fiscal quarter earnings call Wednesday, Bay (pictured) addressed the ransomware attack offering new details on the response and ongoing investigation.

“This process is ongoing and complex,” Bay said. “Should we determine that personal information was affected, we will provide notification based on relevant regulations.”

He added that transparency and compliance will remain top priorities as the forensic review continues.

“Our rapid response reinforced the critical importance of our managed platform architecture and the strength of our overall teams and partnerships,” he said. “The investigation into the cyber incident remains ongoing, and we continue to monitor our systems closely.”

Bay made the comments after Ingram reported Non-GAAP diluted net earnings per share of 61 cents on a 10.9 percent increase in sales to $12.79 billion.

Net sales in the quarter were above the high end of the company’s guidance, while Non-GAAP earnings per share was at the high end of guidance. Ingram shares were up 12 cents to $19 in after hours trading.

Ahead of the July 4 weekend, Ingram Micro suffered a ransomware attack that disrupted its global operations for nearly a week. The cybercriminal group SafePay claimed responsibility for the breach which forced the Irvine, Calif.-based distributor to take critical systems offline, impacting its ability to process online orders and ship products.

“While no company wants to face the increasing reality of such an attack, our response reflects the way we do business as a platform company,” Bay said. “We approached the incident as a business challenge, and the entire organization mobilized to address it. Due to our scalable and modular platform architecture and the tireless, coordinated efforts of our team, we restored secure operations within days, minimizing disruption to our customers, partners and the overall business.”

The company notified law enforcement and engaged third-party cybersecurity experts to assist with investigation, remediation and recovery.

The operational impact was felt across all regions of the globe but the company was able to restore systems incrementally by region in about seven days. Ingram credited its AI-powered Xvantage platform for playing a key role in accelerating its recovery efforts.

Tom Wyant, an Ingram partner of 22 years and a member of the distributor’s elite group of Trust X Alliance partners, said he’s been “a little worried” since the attack and was surprised at how long it took the company to fully restore operations.

“I want to give them the benefit of the doubt,” said Wyant, owner of Traverse City, Mich.-based MSP Wyant Technologies. “We’ve been partners for so long and they’ve done good by me during that time. Ingram has been a great partner to us. If I have problems, I can call them. They’ve always been there for me.”

“I’m waiting to hear whether any of our data was affected,” he added. “It’s a little frustrating. “

While he knows that no organization is fully immune from cyberattacks, he said the breach raised questions about Ingram Micro’s preparedness. ‘I’m disappointed,” he said “But I’m going to give them a chance to fix it. I’ll keep an eye on things.”

Mike Zilis, Ingram Micro executive vice president and chief financial officer, said during the call that while the cyberattack did not affect second fiscal quarter performance, it has led to a more conservative third fiscal quarter outlook as the company continues to assess the full scope of disruption.

“The timing of the incident over a long U.S. holiday weekend and in the early days of a new month and quarter, coupled with the speed of our response to get the majority of our go-to-market systems back up and running in a matter of days, may have limited the impact on our financial results,” he said.

Some financial impact is expected, according to Zilis, particularly in the form of missed bids and sales opportunities during the system downtime.

“Even if minimized, there is still an impact from the days we were unable to transact, which we are still working to quantify,” he said. “We’ve seen good indicators of business returning to more expected levels since bringing our systems back online.”