Ingram Micro Data Breach Exposes PII of 42,000 Individuals On January 21, 2026, Ingram Micro Inc., a global technology distributor, disclosed a cybersecurity incident that compromised the personal data of approximately 42,000 individuals. An unauthorized actor accessed the company’s network, potentially acquiring sensitive personally identifiable information (PII), including names, contact details, dates of birth, government-issued IDs (such as Social Security, driver’s license, and passport numbers), and employment-related records like work evaluations. The breach is currently under investigation by Lynch Carpenter LLP, a national class action law firm, which is reviewing potential legal claims on behalf of affected individuals. Ingram Micro has not yet provided further details on the timeline of the breach or the methods used by the attacker. This incident adds to a growing list of data breaches exposing sensitive personal and professional information, raising concerns about the security of third-party vendors handling large volumes of PII. Affected individuals may face heightened risks of identity theft and fraud as a result.

Ingram Micro, a major U.S.-based technology distributor and managed services provider, suffered a ransomware attack starting on Thursday, leading to a prolonged outage of its website and core network systems. The disruption has halted order processing, causing delays in software licensing and preventing customers from accessing or provisioning critical products tied to Ingram’s infrastructure. The attack, attributed to the SafePay ransomware gang (though unconfirmed by the company), has forced Ingram Micro to alert shareholders ahead of market opening. While no data breach details have been publicly confirmed, ransomware groups often exfiltrate sensitive data before encrypting systems, raising concerns about potential data leaks or financial extortion. The outage has crippled operations for Ingram’s global clientele, including smaller businesses reliant on its IT services, risking financial losses, reputational damage, and operational paralysis until systems are restored. The incident underscores the severe impact of ransomware on supply chains and third-party service providers.

Ingram Micro Suffers Ransomware Attack, Disrupting Software Licensing and Operations Ingram Micro, a global technology and electronics distribution giant based in Irvine, California, confirmed a ransomware attack on July 5 that disrupted its network and impacted software licensing services. The incident has prevented customers from using or provisioning certain products reliant on Ingram’s systems, as reported by TechCrunch. The company acknowledged the attack in a July 5 statement, stating it was working to restore affected systems. An Ingram spokesperson later directed inquiries to the initial release, indicating no further updates were available at the time. The outage has had financial repercussions, with Ingram Micro’s stock closing down 7.5% at $20.20 per share on the day of the announcement, reducing its market cap to $4.7 billion. With over $54 billion in annual sales, Ingram Micro plays a critical role in the global supply chain for technology products. The attack highlights ongoing vulnerabilities in cybersecurity for major distribution and logistics firms, though the full extent of the impact on operations and customer data remains unclear.

Ingram Micro Confirms Ransomware Attack Disrupting Internal Systems Global IT product distributor Ingram Micro has confirmed a ransomware attack that disrupted its operations over the U.S. holiday weekend. The company proactively took certain internal systems offline to contain the breach and strengthen its defenses, though it has not disclosed whether any data was exfiltrated. Speculation about the incident began after Ingram Micro’s website went offline unexpectedly, raising concerns about a potential cyberattack. The company later acknowledged the ransomware intrusion in a statement on its investor relations website. While the exact threat actor behind the attack remains unconfirmed, the incident highlights the ongoing risk of ransomware targeting critical supply chain and distribution networks. No further details on the scope of the breach or potential impact on customers have been released.

Conduent, a New Jersey-based business process outsourcing firm, suffered the largest known health data breach of 2025, exposing sensitive healthcare records. The incident triggered multiple post-hack lawsuits and regulatory investigations, with severe reputational and financial repercussions. The breach compromised personal and medical data of countless individuals, leading to potential identity theft, fraud, and legal liabilities. The fallout includes operational disruptions, loss of client trust, and escalating compliance penalties. Given the scale of the breach—affecting healthcare data—it poses long-term risks to affected patients, including exposure of protected health information (PHI) and potential misuse by malicious actors. The company faces mounting legal costs, reputational damage, and possible contractual terminations from partners wary of further vulnerabilities. The breach underscores systemic failures in cybersecurity governance, amplifying scrutiny from regulators and stakeholders.

Weekly Cybersecurity Breach Roundup: DOGE Data Exposure, CIRO Phishing Attack, and Rising Threats This week’s cybersecurity landscape saw multiple high-profile incidents, including unauthorized data sharing by the U.S. Department of Government Efficiency (DOGE), a massive phishing breach in Canada, and a surge in critical vulnerabilities. ### U.S. DOGE Staff Exposed Social Security Data via Unauthorized Cloudflare Server Federal prosecutors confirmed that staff from Elon Musk’s Department of Government Efficiency (DOGE) uploaded sensitive Social Security Administration (SSA) data to an unauthorized Cloudflare server in March 2025. The breach, first reported by a whistleblower in August, involved employees sharing data via third-party links between March 7 and 17. The SSA remains uncertain whether the data was removed from Cloudflare. The incident is part of ongoing litigation over DOGE’s activities at the SSA, which critics claim wasted $21.7 billion. Prosecutors also revealed that a DOGE employee signed an agreement with a political advocacy group seeking voter fraud evidence, potentially linking SSA data to voter rolls. Two DOGE employees were referred to the U.S. Office of Special Counsel for possible Hatch Act violations, which prohibit federal employees from partisan activities. Additionally, a DOGE team member sent an encrypted file believed to contain names and addresses of 1,000 individuals to the Department of Homeland Security and a DOGE advisor at the Department of Labor. The SSA has been unable to decrypt the file. Another DOGE employee continued accessing the "Numident" database containing Social Security card applications and death records despite a court order revoking access. ### Canadian Investment Regulatory Organization (CIRO) Phishing Breach Affects 750,000 Investors The Canadian Investment Regulatory Organization (CIRO) disclosed a phishing attack in August 2025 that exposed sensitive data of approximately 750,000 investors. Compromised information includes names, contact details, dates of birth, Social Insurance numbers, government-issued IDs, investment account numbers, and account statements. CIRO confirmed that login credentials, passwords, and security questions were not accessed. ### UK NCSC Warns of Rising Russia-Aligned Hacktivist DDoS Attacks The UK’s National Cyber Security Centre (NCSC) issued an alert about increased denial-of-service (DDoS) attacks by Russian-aligned hacktivist groups, including NoName057(16). Targets include government bodies, local authorities, and critical infrastructure operators. The NCSC advised organizations to strengthen defenses with traffic filtering, web application firewalls, and rate-limiting policies. ### Ingram Micro Ransomware Attack Exposes 42,000 Employee Records IT distributor Ingram Micro suffered a July 2025 ransomware attack by the SafePay gang, which stole 3.5 terabytes of data, including names, birthdates, Social Security numbers, passport details, and employment records. The breach affected 42,521 individuals. Ingram took systems offline to contain the attack, causing service disruptions before restoring operations by July 9. SafePay later published the stolen data after Ingram refused to pay the ransom. ### CVE Disclosures Surge 21% in 2025 Vulnerability disclosures reached 48,185 in 2025 a 20.6% increase from the previous year with 3,984 critical and 15,003 high-severity flaws. December alone accounted for 5,500 CVEs, while February 26 saw a record 793 disclosures in a single day. Nearly 30% of exploited vulnerabilities were weaponized within one day of disclosure, and 25.8% lacked analysis in the National Vulnerability Database, complicating mitigation efforts. ### SK Telecom Challenges $91 Million Data Leak Fine South Korea’s SK Telecom is contesting a $91 million fine the largest ever imposed by the country’s privacy watchdog after a 2025 data breach exposed all 23 million of its mobile subscribers. The delayed disclosure led to a broader investigation, prompting SK Telecom to offer free USIM replacements. A ransomware group, CoinbaseCartel, later claimed responsibility, alleging it stole source code, project files, and AWS keys via a compromised Bitbucket account. ### Critical Chainlit Vulnerabilities Expose AI Data and Cloud Infrastructure Security researchers at Zafran Labs disclosed two critical flaws in the open-source AI framework Chainlit (CVE-2026-22218 and CVE-2026-22219). The vulnerabilities allow arbitrary file reads and server-side request forgery (SSRF), enabling attackers to access sensitive data, including AI prompts and credentials, and probe internal networks. Chainlit released patches to address the issues. ### North Korean Hackers Abuse Microsoft VS Code for Malware Delivery North Korean threat actors expanded their "Contagious Interview" campaign, using Microsoft Visual Studio Code to execute malware via malicious Git repositories. Victims are tricked into opening projects that automatically run attacker-controlled commands, deploying the EtherRAT macOS trojan. The group has also leveraged developer-friendly platforms like Vercel for command-and-control infrastructure.

Ransomware in 2025: A Systemic Threat Disrupting Global Supply Chains and Critical Services In 2025, ransomware evolved from isolated IT disruptions into a systemic risk, threatening national supply chains, essential services, and entire industries. Cybersecurity Ventures projects the global cost of ransomware will surge to $275 billion annually by 2031, driven by downtime, data loss, recovery efforts, and lost productivity not just ransom payments. A recent SOCRadar analysis highlighted the top 10 ransomware attacks of 2025, each exposing vulnerabilities across sectors: 1. Salesforce Ecosystem – A SaaS supply chain blind spot exploited for widespread disruption. 2. Oracle E-Business Suite – A zero-day attack leveraging supply chain extortion. 3. Jaguar Land Rover – Britain’s costliest cyberattack, crippling automotive operations. 4. Ingram Micro – A ransomware strike paralyzing global IT distribution. 5. Co-operative Group – A sustained siege on the UK retail sector. 6. PowerSchool – Large-scale extortion targeting the education sector. 7. Synnovis – Healthcare disruption with confirmed patient harm. 8. DaVita – Ransomware striking critical healthcare infrastructure. 9. Asahi Group – Manufacturing halts exposing IT-OT convergence risks. 10. Collins Aerospace – Ransomware grounding European airports. Key patterns emerged across these incidents: - Initial access frequently relied on stolen credentials or social engineering rather than sophisticated exploits. - Supply chain vulnerabilities amplified impact, turning single breaches into cascading failures. - Data theft and operational paralysis often outweighed encryption as the primary damage driver. - Delayed consequences such as regulatory penalties or confirmed human harm surfaced months after the attacks. The incidents underscore ransomware’s growing role as a strategic threat, with far-reaching consequences beyond financial losses.

Ingram Micro Data Breach Exposes Sensitive Information of Over 40,000 Individuals U.S.-based IT distributor Ingram Micro disclosed a data security incident from last year that compromised the personal information of more than 40,000 individuals. The breach, which occurred in 2024, exposed sensitive data, though specific details about the type of information affected and the attack vector remain undisclosed. Ingram Micro, a major provider of technology products and services, serves businesses globally, making the incident particularly notable for its potential impact on downstream partners and customers. The company has not released further technical or forensic details about the breach, including whether it resulted from a cyberattack, misconfiguration, or insider threat. The disclosure follows a pattern of high-profile breaches in recent months, including incidents at Minnesota’s Department of Human Services (affecting over 300,000 individuals) and Canada’s CIRO (impacting 750,000 investors). While the full scope of the Ingram Micro breach’s consequences is still unclear, such incidents underscore ongoing risks to supply chain security and the protection of personally identifiable information (PII).