Ingram Micro: Data From 42,000 Individuals Impacted In 2025 Cyberattack

The IT distribution giant disclosed that data affected in the July 2025 attack included employment and job applicant records.

Ingram Micro disclosed that data belonging to more than 42,000 individuals was impacted in connection with the July 2025 ransomware attack that disrupted the company’s online systems for nearly a week.

In a disclosure posted by the Maine attorney general website, the IT distribution giant said that files including “employment and job applicant records” were among those affected.

The disclosure, dated Jan. 16, does not specifically mention any impacts to partner or customer data.

Data from a total of 42,521 individuals was impacted in the attack, who are being notified by Ingram Micro, according to the filing.

“The affected files include employment and job applicant records that contain personal information such as name, contact information, date of birth, government-issued identification numbers (for example, Social Security, driver’s license and passport numbers), and certain employment-related information (such as work-related evaluations),” Ingram Micro said in the filing. “The types of affected personal information varied by impacted individual.”

The breach occurred between July 2 and July 3, 2025, according to the filing.

“Based on our investigation, we determined that an unauthorized third party took certain records from some of our internal file repositories,” Ingram Micro said in an email statement provided to CRN Tuesday.

“We conducted a thorough review of the affected records to understand their contents, and learned that some included personal information belonging to certain Ingram Micro employees, job applicants, and others,” Ingram Micro said in the statement. “We are notifying impacted individuals in accordance with applicable regulations.”

CRN has reached out to Ingram Micro to request details on what other types of data was stolen in the attack, beyond employee and job applicant data.

The SafePay ransomware group later claimed responsibility for the attack, alleging that it had stolen 3.5 terabytes of Ingram Micro data.

In August 2025, Ingram Micro CEO Paul Bay confirmed during the company’s quarterly call with analysts that “certain data was exfiltrated from our systems” in connection with the ransomware attack.

“This process is ongoing and complex,” Bay said at the time. “Should we determine that personal information was affected, we will provide notification based on relevant regulations.”

The filing with the Maine attorney general’s office suggested that details on the specific individuals impacted in the breach were not discovered until Dec. 26, 2025.

Nearly Weeklong Disruption

Following media reports on July 4, 2025, which indicated that Ingram Micro was experiencing an outage, the company confirmed that it had been impacted by a ransomware attack and was working to restore its systems.

The attack led Ingram Micro to take key systems offline, including the company’s online ordering systems.

On July 10, 2025, the company said it had restored all business operations around the globe.