Major US IT services provider Ingram Micro has begun the laborious process of notifying individuals whose data was compromised via a July 2025 data breach.
The company disclosed it had been the victim of a ransomware attack in early July, which caused it to take certain of its systems offline to contain the breach, but the damage had been done.
By the end of the month, the SafePay ransomware group listed Ingram Micro as a victim on its darknet leak site and claimed to have stolen more than three terabytes of data. Now, Ingram Micro is contacting the 42,521 impacted by the incident.
“On July 3, 2025, we detected a cyber security incident involving some of our internal systems. We quickly launched an investigation into the nature and scope of the issue,” Ingram Micro said in its notification letter, which it shared with the Office of the Maine Attorney General, as several citizens of the US state were impacted.
“Based on our investigation, we determined that an unauthorised third party took certain files from some of our internal file repositories between July 2 and 3, 2025. We worked diligently to review the affected files to understand their contents. Through this review, we recently learned that some of the affected files include personal information about you.”
According to the notification letter, the impacted data includes “name, contact information, date of birth, government-issued identification numbers (for example, Social Security, driver’s license and passport numbers), and certain employment-related information (such as work-related evaluations)”.
The impacted data varies from individual to individual. Ingram Micro also provided a range of advice for those affected, from instructions on how to request a security freeze in their state to guidance on obtaining a free credit report.
Who is SafePay?
SafePay was first observed in October 2024 and has been busy since then, racking up more than 400 victims.
The group has been observed targeting businesses in Australia, the United Kingdom, the United States, Italy, New Zealand, Canada, Belgium, Brazil, Germany, Barbados, and Argentina, and – according to the group – is not a ransomware-as-a-service (RaaS) operation.
“SafePay ransomware has never provided and does not provide the RaaS,” Safepay said on its leak site.
David Hollingworth
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.