- Ingram Micro confirmed suffering a ransomware attack in July 2025
- It has been revealed this was the work of the SafePay group
- The threat actors have added Ingram Micro to its data leak site
Ingram Micro has been added to SafePay’s data leak site, meaning the countdown is on before terabytes of data are leaked on the dark web.
The company suffered a ransomware attack in July 2025 which forced it to shut down parts of its infrastructure. As a result, its business operations were disrupted, and some of its employees were sent to work from home.
The company managed to restore its services rather fast, but the miscreants made away with 3.5TB of sensitive data – which they are now threatening to release unless they are paid.
Terabytes of sensitive files
At the time of the attack, the company did not say who the threat actors were, but BleepingComputer has now uncovered the attack was the work of SafePay, a relatively young ransomware operation that emerged between September and November, 2024.
This group engages in the usual double-extortion tactics (encryption + data theft), and claims to have breached more than 200 organizations across different industries such as manufacturing, healthcare, or education.
At the time of the attack it was also said SafePay broke through the company’s GlobalProtect VPN platform, and left ransom notes on employee devices.
Among the systems impacted by the breach was Ingram Micro’s AI-powered Xvantage distribution platform, and the Impulse license provisioning platform.
Should SafePay leak Ingram Micro’s data, it could send ripples throughout the business world, since it is one of the biggest B2B service providers and technology distributors around, servicing more than 160,000 customers globally, including giants such as Apple, HP, and Cisco.
