- Ingram Micro confirmed struggling a ransomware assault in July 2025
- It has been revealed this was the work of the SafePay group
- The risk actors have added Ingram Micro to its knowledge leak web site
Ingram Micro has been added to SafePay’s knowledge leak web site, which means the countdown is on earlier than terabytes of information are leaked on the darkish net.
The corporate suffered a ransomware assault in July 2025 which compelled it to close down components of its infrastructure. Consequently, its enterprise operations have been disrupted, and a few of its workers have been despatched to work at home.
The corporate managed to revive its providers fairly quick, however the miscreants made away with 3.5TB of delicate knowledge – which they’re now threatening to launch except they’re paid.
Terabytes of delicate information
On the time of the assault, the corporate didn’t say who the risk actors have been, however BleepingComputer has now uncovered the assault was the work of SafePay, a comparatively younger ransomware operation that emerged between September and November, 2024.
This group engages within the normal double-extortion techniques (encryption + knowledge theft), and claims to have breached greater than 200 organizations throughout completely different industries comparable to manufacturing, healthcare, or training.
On the time of the assault it was additionally mentioned SafePay broke by means of the corporate’s GlobalProtect VPN platform, and left ransom notes on worker units.
Among the many techniques impacted by the breach was Ingram Micro’s AI-powered Xvantage distribution platform, and the Impulse license provisioning platform.
Ought to SafePay leak Ingram Micro’s knowledge, it may ship ripples all through the enterprise world, because it is likely one of the largest B2B service suppliers and expertise distributors round, servicing greater than 160,000 clients globally, together with giants comparable to Apple, HP, and Cisco.
