Pax8 says it has launched an internal review after mistakenly sending an email with an attachment containing sensitive partner business information.
According to a report by Bleeping Computer, the CSV file in question listed customer organisation names, Microsoft SKUs, license counts, and New Commerce Experience renewal dates.
It was attached to an email sent to UK partners by an employee on 13 January entitled ‘Potential Business Premium Tactic to Save Money’, the report said. It apparently contained data on approximately 1,800 primarily UK MSPs.
In a statement sent to IT Channel Oxygen, a Pax8 representative said:
On January 13, 2026, a Pax8 employee mistakenly sent an email with an attached spreadsheet to fewer than 40 UK-based partners. The attachment did not contain personally identifiable information. However, the file did include limited internal partner business information used to support their Pax8 business and some aspects of a vendor programme. We have notified every impacted partner and launched an internal review to determine how this occurred and prevent recurrence. We are committed to transparency and will continue to post updates to our Status page at www.status.pax8.com.
In a Reddit thread, one commentor claiming to represent an MSP said they were having to notify their own customers, while others questioned why Pax8 seemingly wasn’t using the same data leak prevention tools it sells on a daily basis.
Founded in 2012, US-based Pax8 has grown rapidly to 1,700 staff. Globally, it now claims to serve more than 47,000 partners.
The ‘cloud commerce marketplace’ ruffled feathers in March when it took out a full-page New York Times advert blasting distribution rivals for “selling the past”.
Built partly on the 2021 and 2023 acquisitions of Wirehive and Bam Boom Cloud, Pax8’s Bristol-headquartered UK subsidiary saw calendar 2024 turnover hike 58% to £131m.
