​Information technology giant Ingram Micro has revealed that a ransomware attack on its systems in July 2025 led to a data breach affecting over 42,000 individuals.

Ingram Micro, one of the world's largest business-to-business service providers and technology distributors, has over 23,500 associates, more than 161,000 customers, and reported net sales of $48 billion in 2024.

In data breach notification letters filed with Maine's Attorney General and sent to those affected by the incident, the company said the attackers stole documents containing a wide range of personal information, including Social Security numbers.

"On July 3, 2025, we detected a cybersecurity incident involving some of our internal systems. We quickly launched an investigation into the nature and scope of the issue. Based on our investigation, we determined that an unauthorized third party took certain files from some of our internal file repositories between July 2 and 3, 2025," the IT giant revealed.

"The affected files include employment and job applicant records that contain personal information such as name, contact information, date of birth, government-issued identification numbers (for example, Social Security, driver's license and passport numbers), and certain employment-related information (such as work-related evaluations)."

The July 2025 attack also triggered a massive outage that took down Ingram Micro's internal systems and website, which prompted the company to ask employees to work from home.

While Ingram Micro has yet to link the breach to a specific threat group, it confirmed that the attackers deployed ransomware on its systems after BleepingComputer first reported on July 5 that the SafePay ransomware gang was behind the attack.

The cybercrime group also claimed responsibility three weeks later, adding the tech giant to its dark web leak portal and stating that it had stolen 3.5TB of documents.

​SafePay surfaced in September 2024 as a private operation and has since added hundreds of victims to its leak site. However, the actual number of victims is likely larger, seeing that only those who don't pay are listed.

This ransomware operation is also known for its double-extortion tactics, stealing sensitive documents before encrypting victims' systems and threatening to leak the stolen files online if a ransom is not paid.

Since the start of 2025, SafePay has slowly filled the gap left by LockBit and BlackCat (ALPHV) ransomware, becoming one of the most active ransomware groups.

An Ingram Micro spokesperson has yet to reply after BleepingComputer reached out for more details on the attack and to confirm that SafePay ransomware was behind the breach.