
On July 3, 2025, Ingram Micro detected a cybersecurity incident involving ransomware on some of its internal systems.
The attack was carried out by a group identifying itself as SAFEPAY, which claimed responsibility in a posting on the Tor network on July 7, 2025. According to SAFEPAY, they were able to access Ingram Micro’s systems due to security misconfigurations, allowing them to encrypt critical files and exfiltrate approximately 3.5 terabytes of sensitive data.
SAFEPAY’s ransom note stated that unless Ingram Micro contacted them within seven days, the stolen data would be published online. The group also warned against attempting to decrypt files independently, threatening irreversible damage.
The compromised information included Social Security numbers, contact information, dates of birth, driver’s license numbers, government-issued identification numbers, names, medical records, passport numbers and employment-related information like work-related evaluations.
The incident was disclosed to the California Attorney General, the Maine Attorney General, and the Vermont Attorney General on January 16, 2026, and the Massachusetts OCABR on January 17, 2026. The Texas Attorney General posted their disclosure on Jan. 21, 2026.
It had previously been disclosed to the Securities and Exchange Commission on July 7, 2025, and the company also posted a public update and notice to consumers on its website.
The breach affected a total of 42,521 individuals in the United States, including 3,079 in Texas, 139 residents of Massachusetts, and five residents of Maine.
After discovering the ransomware, Ingram Micro took action to secure its environment. This included taking certain systems offline, implementing mitigation measures and launching an investigation with the help of leading cybersecurity experts. Law enforcement was notified, and the company worked to restore affected systems and resume business operations globally.
To support those impacted, Ingram Micro offered two years of complimentary credit monitoring and identity protection services through Experian IdentityWorks.
Affected individuals were notified in writing on Jan. 16, 2026, and provided with detailed instructions on enrolling in these services, as well as guidance on obtaining free annual credit reports, placing fraud alerts or security freezes and reporting suspected identity theft to the appropriate authorities.
Given the nature of the breach, anyone who received a notice is encouraged to:







