Eye World covers a serious ransomware incident involving SafePay and Ingram Micro. This group claims to have stolen and plans to leak 3.5 TB of data. Below is an overview.
What Happened in the Ingram Micro Breach
In late July 2025, the SafePay ransomware group compromised Ingram Micro, a major global IT distributor. They allegedly stole 3.5 terabytes of data. SafePay added Ingram Micro to its dark web leak site and set a ransom deadline of August 1, threatening publication if no payment is made . The company had also experienced a global outage and system shutdowns linked to the breach .
SafePay’s Tactics and Global Reach
SafePay is a relatively new group, rising to prominence since late 2024. They use double‑extortion methods—encrypting systems and stealing data to demand ransom . They have added over 260 victims to their leak site within a short span . The breach exploited Ingram Micro’s GlobalProtect VPN and affected key platforms like Xvantage and Impulse .
Implications for Businesses and Risk Exposure
Ingram Micro serves more than 160,000 customers, including major tech vendors. A leak of this scale could expose sensitive documents across industries . While Ingram Micro announced full operational restoration by July 9, they have not officially confirmed data theft or SafePay’s responsibility . Eye World recommends businesses reassess vendor security and ensure robust breach protocols.
Why Eye World Readers Should Care
- Vendor Risk: Even global distributors are vulnerable.
- Data Exposure: Third‑party breaches can impact your business downstream.
- Double‑extortion: New ransomware techniques raise stakes in negotiations.
