Ingram Micro, a major global IT distributor, is grappling with a severe ransomware attack that began on July 3, 2025, causing a multi-day outage and halting order processing and shipping. The company confirmed the breach on July 6, attributing it to the SafePay ransomware group, possibly via a vulnerability in its GlobalProtect VPN.

The attack has disrupted key systems, disconnected Ingram from vendors and clients, and triggered supply chain delays. While the full scope of the breach is unclear, the impact is significant—especially in centralized procurement sectors like government, telecom, and retail.

Ingram is prioritizing transparency through status updates and customer support channels, and it’s working with cybersecurity experts and law enforcement to recover. Experts warn this incident exposes major vulnerabilities in the cloud-dependent tech supply chain and could erode trust in the distributor model. The situation underscores the need for stronger third-party cybersecurity oversight and resilience planning across the IT ecosystem.