On 3 July 2025, global IT distributor Ingram Micro suffered a ransomware attack that disrupted core systems and customer platforms across Europe, North America, and Asia. The SafePay group claimed responsibility, alleging in a statement that “misconfigured systems and exposed GlobalProtect VPN credentials” enabled access to Ingram’s network.
The attack forced the shutdown of platforms including Xvantage and Impulse and halted order processing and license fulfilment for services such as Microsoft 365 and Dropbox. Staff in several regions were instructed to disconnect from the corporate infrastructure as a precaution. Analysts estimate the firm lost around $136 million per day during the peak of the outage.
In a statement, the company said that it “took steps to secure the relevant environment, including proactively taking certain systems offline and implementing other mitigation measures. The company also launched an investigation with the assistance of leading cybersecurity experts and notified law enforcement.”
Though service restoration is underway, reputational questions remain around Ingram’s reliability as a global distributor. Enterprise customers were particularly vocal about communication gaps, with several expressing frustration over the inability to track or modify orders.
Fallout from the incident continues to impact the wider sector. Clients began shifting procurement to competitors, while hardware resellers and cloud partners reported project delays linked to order backlogs. Security leaders across the IT distribution industry are now reviewing infrastructure risks, with Ingram itself conducting a full audit of its network segmentation and VPN policies.
