What happened
The Ingram Micro ransomware attack affects 42,000 people after Ingram Micro confirmed a cyber incident that led to unauthorized access to personal information. The incident occurred in 2024 and involved ransomware actors gaining access to internal systems used to support certain business operations. According to the disclosure, the attackers accessed files containing personal data during the intrusion before encryption activities were detected and contained. The exposed information varied by individual but included names, contact details, and limited employment-related data. Ingram Micro stated that there is no evidence of misuse at this time and that critical operational systems were restored following containment and remediation efforts. The company notified affected individuals and relevant regulators in accordance with breach notification requirements.
Who is affected
The affected population includes current and former employees and business contacts whose personal data was stored in impacted systems. Exposure is direct for individuals whose information was accessed and indirect for partner organizations that rely on Ingram Micro as a global IT distribution provider.
Why CISOs should care
The incident highlights the ongoing ransomware risk to large technology distributors and the downstream exposure created by centralized data repositories. Compromise of service providers with broad partner ecosystems can amplify operational disruption, regulatory obligations, and reputational impact across multiple industries.
3 practical actions
-
Strengthen ransomware containment controls: Segment internal systems and limit access to sensitive data repositories to reduce blast radius during intrusions.
-
Review breach notification readiness: Ensure incident response plans include timely legal, regulatory, and customer communication workflows.
-
Assess supplier security posture: Reevaluate cybersecurity assurances and incident handling capabilities of critical distributors and service providers.