Ingram Micro Data Breach

Ingram Micro Data Breach

Status: Confirmed
23.5M Records
3.5TB Data
July 28 Verified

Breach Overview

Actor SafePay ransomware group
Vector Compromised VPN credentials (GlobalProtect)
Date of Breach July 3, 2025
Date of Reporting July 9, 2025
Data Posted July 28, 2025 (verified)
Records Stolen 23,511,912
Data Volume ~3.5 TB

Summary

In early July 2025, Ingram Micro was hit by a ransomware attack that crippled its global operations.

The intrusion began when the SafePay group gained access through compromised GlobalProtect VPN credentials, moving laterally across systems before deploying payloads that encrypted core platforms including Xvantage and Impulse.

Employees found ransom notes on July 3. Within hours, Ingram Micro took its systems offline to contain the spread. Disrupting order processing and fulfillment worldwide.

SafePay claimed to have stolen 3.5 terabytes of data and later published portions of it after the company refused to pay.

By July 9, operations resumed, but the impact was extensive. More than 23 million personal and enterprise records were compromised, including contact, address, and identification data.

That information is now confirmed to be circulating on dark web leak forums and DataBreach.com.

About Ingram Micro

Ingram Micro is one of the world's largest business-to-business (B2B) distributors of technology products and services. The company operates behind the scenes for tens of thousands of other organizations (including computer retailers, managed IT providers, and major hardware and software brands) supplying them with equipment, cloud services, and logistics support.

If you received a notice connected to the Ingram Micro breach but don't recall doing business with them directly, that's normal. Your personal information was likely stored by a vendor or service provider that partners with Ingram Micro. Examples include:

  • Your IT provider or reseller. A local computer store, consultant, or tech-support company that sourced products through Ingram Micro.
  • A hardware or software manufacturer. A company whose products you registered or whose warranties are fulfilled through Ingram Micro's systems.

In short, Ingram Micro sits deep in the supply chain. That's why individuals who never interacted with the company directly can still appear in a breach involving its data systems.

Data Points Exposed

Social Security Numbers
Email Addresses
Phone Numbers
Home Addresses
Potential internal and vendor records

Threat Actor: SafePay

A financially motivated group active since 2024.

  • Known for exploiting enterprise VPNs and remote-access tools
  • Tactics include system encryption, mass data theft, and public exposure when ransoms are denied

Impact

The breach disrupted thousands of vendor and reseller channels tied to Ingram Micro's supply chain.

For individuals and executives, it increases risks of:
  • Identity theft and credit fraud
  • Credential stuffing across linked accounts
  • Targeted phishing using verified personal data
  • Doxing and home address exposure
  • Business email compromise and social engineering

Recommendations for Impacted Clients

If you've been notified, or even suspect exposure, take these actions now:

Check Your Exposure
If you're an ObscureIQ client impacted by this breach, the data and risk has been added to active profile. If you're not yet a client, you can request a footprint audit to identify this and other data exposures.
Freeze Your Credit
Contact Equifax, Experian, and TransUnion to prevent fraudulent accounts.
Watch Your Accounts
Monitor banking, investment, and communications accounts for irregular logins or activity.
Use Multi-Factor Authentication
Secure every critical account. Especially email, finance, and cloud platforms.
Expect Targeted Phishing
Attackers will impersonate known vendors or partners. Be cautious with any inbound message related to Ingram Micro.
Mask Your Address
If your home address is public, ObscureIQ can help suppress it across broker and search platforms.
Harden Communications
Executives and vendor liaisons should assume their contact data is now a live target surface.
Credit

What Is Credit Monitoring? And Do I Want It? (Answer: Not Really)

July 14, 2025
Every time there’s a major data breach, companies scramble to offer “free” credit monitoring. It sounds like a responsible move.…
breach economycredit freezecredit scoreequifaxexperianlifelocktransunionupsell
Credible Threats

Lock Down Browsers. Wipe Employee Footprints. Win Breach Wars.

September 2, 2025
Lock Down Browsers. Wipe Employee Footprints. Win Breach Wars. Over 80% of security incidents now start in the browser. Chrome.…
brave browserbreachesbrowser exploitbrowserschromedata securityemployeesexposurefirefoxfootprintmicrosoft edgemulvad
Analysis

Sextortion Spam

May 10, 2025
Sextortion scams aren’t new, but they remain one of the most effective forms of cyber-enabled fraud. These scams don’t rely…
bitcoindeadlinefeargoogle maps apiransomsocial engineering

Contact ObscureIQ for a free breach impact check.

If you believe your information may be part of this breach,or want confirmation across other datasets,

We use a multi-layered intelligence stack, combining public and restricted dark-web sources, to confirm whether your data is in circulation.