Ingram Micro has written to over 42,000 people informing them they were caught up in its July 2025 ransomware attack.
The world’s second-largest IT distributor announced it had identified ransomware on certain of its internal systems in the first week of July, before fully restoring operations around a week later.
The episode drew sympathy from MSP partners, and caused “minimal” disruption to the broadliner’s sales and profits during the quarter.
Now, Ingram has written to 42,521 people informing them their personal information was compromised by the attack.
The news was conveyed via a Data Breach Notification to the Maine Attorney General’s Office (as first reported by SecurityWeek).
The affected files include employment and job applicant records that contain personal information such as name, contact information, date of birth, government-issued identification numbers (for example, Social Security, driver’s license and passport numbers), and certain employment-related information (such as work-related evaluations), according to Ingram’s notification.
“Based on our investigation, we determined that an unauthorised third party took certain files from some of our internal file repositories between July 2 and 3, 2025,” Ingram stated.
“We worked diligently to review the affected files to understand their contents. Through this review, we recently learned that some of the affected files include personal information about you.”
Ingram said it has arranged to offer complimentary credit monitoring and identity protection services to those affected for two years.
The NYSE-listed distributor – which is increasingly restyling itself as a platform company – grew revenues 7.2% year on year to $12.6bn in its latest quarter (ending 27 September 2025). The ransomware incident is thought to have dented that number by between 1% and 1.5%.
“Our team responded quickly and effectively to the incident, restoring operations with minimal business disruption, which is reflected in our results,” Ingram CEO Paul Bay said at the time.
In a statement to IT Channel Oxygen, an Ingram representative said:
As previously disclosed, Ingram Micro identified a cybersecurity incident in July 2025 involving certain of its internal systems. Promptly after learning of the issue, we launched an investigation with the assistance of leading cybersecurity experts and notified law enforcement.
Based on our investigation, we determined that an unauthorised third party took certain records from some of our internal file repositories. We conducted a thorough review of the affected records to understand their contents and learned that some included personal information belonging to certain Ingram Micro employees and job applicants.
We are notifying impacted individuals in accordance with applicable regulations. Protecting our systems, data, and community remains a top priority, and we take this matter very seriously.
