Top Security Takeaways From the 2025 Ingram Micro Cyberattack
Information technology giant Ingram Micro has revealed that a ransomware attack on its systems in July 2025 led to a data breach affecting over 42,000 individuals.
Ingram Micro, one of the world's largest business-to-business service providers and technology distributors, has over 23,500 associates, more than 161,000 customers, and reported net sales of $48 billion in 2024.
In data breach notification letters filed with Maine's Attorney General and sent to those affected by the incident, the company said the attackers stole documents containing a wide range of personal information, including Social Security numbers.
The Ingram Micro Attack: An Overview
"On July 3, 2025, we detected a cybersecurity incident involving some of our internal systems. We quickly launched an investigation into the nature and scope of the issue. Based on our investigation, we determined that an unauthorized third party took certain files from some of our internal file repositories between July 2 and 3, 2025," the IT giant revealed.
"The affected files include employment and job applicant records that contain personal information such as name, contact information, date of birth, government-issued identification numbers (for example, Social Security, driver's license and passport numbers), and certain employment-related information (such as work-related evaluations)."
The July 2025 attack also triggered a massive outage that took down Ingram Micro's internal systems and website, which prompted the company to ask employees to work from home.
Post-Breach Steps for Ingram Micro (and Impacted Customers)
While Ingram Micro has yet to link the breach to a specific threat group, it confirmed that the attackers deployed ransomware on its systems after cybersecurity outlet BleepingComputer first reported on July 5 that the SafePay ransomware gang was behind the attack.
The cybercrime group also claimed responsibility three weeks later, adding the tech giant to its Dark Web leak portal and stating that it had stolen 3.5TB of documents.
This ransomware operation is also known for its double-extortion tactics, stealing sensitive documents before encrypting victims' systems and threatening to leak the stolen files online if a ransom is not paid.
Since the start of 2025, SafePay has slowly filled the gap left by LockBit and BlackCat (ALPHV) ransomware, becoming one of the most active ransomware groups.
How to Secure Your Personally Identifiable Information (PII)
1. Classify data by level of sensitivity
Not all data in a company's repository qualifies as PII. Classifying data is the first step toward securing it. Companies can also classify PII as sensitive and non-sensitive. Once information is classified, sensitive PII must be treated as restricted, and companies must draft rules and regulations to tag and safeguard it.
2. Identifying the level of information stored in PII
Taking stock of the PII collected and where it is stored is essential. Evaluating how much of it is sensitive and non-sensitive will also assist businesses in determining the measures needed to safeguard their data.
3. Being aware of the compliance regulations
Every country and industry has different legal compliance rules. Understanding the laws is critical since they govern how the collected data is stored, managed, and used. Failure to adhere to local laws can lead to severe repercussions and harm the company's reputation. Here are some common compliance standards that businesses should know:
Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada
Health Insurance Portability and Accountability Act (HIPAA) if you work in the healthcare industry
General Data Protection Regulation (GDPR), especially if you do business with the EU
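Steps 1 and 2 above, as an added example (not from the original article or from Ingram Micro): a small scanner that tags each document as restricted when it contains sensitive PII and builds an inventory of what is stored where. Treating Social Security numbers as sensitive and contact details as non-sensitive, the tier names, and the sample paths and contents are all assumptions made for illustration.

```python
import re
from collections import Counter

# Assumed tiering (not from the article): government-issued identifiers are
# sensitive PII; contact details on their own are non-sensitive PII.
DETECTORS = {
    # SSN shape check: area 000/666/9xx, group 00 and serial 0000 are rejected.
    "ssn": ("sensitive", re.compile(
        r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")),
    "email": ("non-sensitive", re.compile(
        r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")),
    "phone": ("non-sensitive", re.compile(
        r"(?<![\d-])\(?\d{3}\)?[ .-]\d{3}[ .-]\d{4}(?![\d-])")),
}

def classify_text(text):
    """Return (tier, hit counts per PII kind) for one document's text."""
    counts, tiers = Counter(), set()
    for kind, (tier, pattern) in DETECTORS.items():
        hits = len(pattern.findall(text))
        if hits:
            counts[kind] = hits
            tiers.add(tier)
    if "sensitive" in tiers:
        return "restricted", dict(counts)  # sensitive PII is handled as restricted
    if tiers:
        return "non-sensitive-pii", dict(counts)
    return "no-pii-detected", {}

def build_inventory(documents):
    """List (path, tier, counts) rows with restricted documents first."""
    order = {"restricted": 0, "non-sensitive-pii": 1, "no-pii-detected": 2}
    rows = [(path, *classify_text(text)) for path, text in documents.items()]
    return sorted(rows, key=lambda row: (order[row[1]], row[0]))

# Constructed sample repository contents; no real individuals.
SAMPLE_DOCS = {
    "hr/applicants/2025-q2.csv": "Jane Roe,jane.roe@example.com,078-05-1120\n"
                                 "John Doe,john.doe@example.com,219-09-9999\n",
    "sales/contacts.txt": "Call Alex at (416) 555-0142 or alex@example.org",
    "ops/runbook.md": "Ticket 000-12-3456 closed; restart the queue worker.",
}

if __name__ == "__main__":
    for path, tier, counts in build_inventory(SAMPLE_DOCS):
        print(f"{tier:18} {path}  {counts}")
```

Pattern matching of this kind only finds identifiers with a recognizable shape; names, dates of birth and free-text evaluations need field-level tagging at the point of collection.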
Conclusion
With the recent disclosure of the Ingram Micro 2025 attack come important reminders for organizations to proactively secure what matters most: customer trust.
Ingram Micro has indicated that, according to its current security policy, it could prevent such attacks. The company has implemented additional security and monitoring measures. Ingram Micro has not disclosed whether it paid a ransom to SafePay.