When did the Ingram Micro outage begin?

The global outage began on July 3, 2025, around 8 PM UTC and has continued for more than 48 hours, affecting the company's operations worldwide.

What type of company is Ingram Micro?

Ingram Micro is one of the world's largest business-to-business technology distributors, serving thousands of partners and customers who rely on the company for technology services and products globally.

What systems are affected by the Ingram Micro outage?

The outage has affected Ingram Micro's websites, customer portals, and internal systems, making them inaccessible to partners, customers, and employees. The company's main operational systems appear to be down globally.

Is this a ransomware attack on Ingram Micro?

While Ingram Micro has not officially confirmed the nature of the incident, the characteristics strongly suggest a ransomware attack. Reports indicate employees at the Bulgaria service center have been sent home and instructed to keep laptops disconnected, which is typical response protocol for ransomware incidents.

How are Ingram Micro's websites responding during the outage?

Ingram Micro's main website displays a brief maintenance message about technical difficulties. Other company domains show generic error messages referencing Akamai Technologies' EdgeSuite CDN. Some portal login pages appear to function normally and make no mention of the widespread issues.

Who is affected by the Ingram Micro global outage?

The outage is affecting thousands of partners and customers who rely on Ingram Micro for technology services and products globally. This includes businesses that depend on the distributor for their technology supply chain operations.

How long has the Ingram Micro outage lasted?

The outage has lasted for more than 48 hours since it began on July 3, 2025, around 8 PM UTC, with no clear timeline provided for when systems will be restored.

What is the geographic scope of the Ingram Micro outage?

This is a global outage affecting Ingram Micro's operations worldwide. Reports specifically mention impact to the Bulgaria service center, which handles a significant portion of European sales operations, suggesting the incident has international reach.

What should Ingram Micro customers and partners do during this outage?

Customers and partners should expect delays in accessing Ingram Micro's systems and services. They should monitor official communications from the company for updates and may need to explore alternative suppliers temporarily if the outage continues to affect critical business operations.

What does this incident reveal about cybersecurity in the technology supply chain?

This incident highlights the vulnerability of major technology distributors to cyberattacks and the potential widespread impact when a critical supply chain partner experiences a security incident. It demonstrates how attacks on key distributors can affect thousands of downstream businesses and partners.

Why is Ingram Micro's response protocol significant?

The response of sending employees home and instructing them to disconnect laptops is a standard protocol for containing ransomware attacks. This type of immediate isolation helps prevent the spread of malware across networks and suggests the company is treating this as a serious security incident rather than a routine technical issue.

Incident

Global IT Distributor Ingram Micro suffers outage disrupting global operations, suspected ransomware

Q: What are employees being told about the Ingram Micro incident?

Reports indicate that employees at the company's service center in Bulgaria, which handles a significant portion of European sales operations, have been sent home and instructed to keep their laptops disconnected. This type of response is commonly associated with ransomware attacks where organizations must isolate systems to prevent further damage.

published: July 4, 2025

Learn More

Ingram Micro, one of the world's largest business-to-business technology distributors, is experiencing a global outage that began on July 3, 2025, around 8 PM UTC.

The incident has rendered the company's websites, customer portals, and internal systems inaccessible for more than 48 hours, affecting thousands of partners and customers who rely on the distributor for technology services and products.

The incident characteristics suggest a ransomware attack. Ingram Micro has remained largely silent about the nature of the incident. Reports from multiple sources indicate that employees at the company's service center in Bulgaria, which handles a significant portion of European sales operations, have been sent home and instructed to keep their laptops disconnected. This type of response is commonly associated with ransomware attacks where organizations must isolate systems to prevent further damage and data encryption.

Customer service representatives who were reached after extended wait times reportedly told customers that the company believed it had been "targeted," indicating awareness of malicious intent rather than a technical malfunction.

Ingram Micro has not provided any information about whether customer data, partner information, financial records, or other sensitive business information may have been compromised.

Ingram Micro's main website displays only a brief maintenance message stating: "We are currently experiencing technical difficulties. We apologize for the inconvenience and are working to resolve the issue as quickly as possible." Other company domains show even more generic error messages referencing Akamai Technologies' EdgeSuite CDN. Some portal login pages appear to function normally and make no mention of the widespread issues.

Update - BleepingComputer reports that the Ingram Micro outage is caused by a SafePay ransomware attack discovered on Thursday, 3rd of July 2025. The company believes attackers breached through its GlobalProtect VPN platform. The attack has forced Ingram Micro to shut down internal systems including its AI-powered Xvantage distribution platform and Impulse license provisioning platform. The company is directing employees to work from home and avoid using the compromised VPN access.

As of 6th of July 2025, Ingram Micro, confirmed that the company has been hit with a ransomware attack. In a statement, Ingram Micro said:
"Ingram Micro recently identified ransomware on certain of its internal systems. Promptly after learning of the issue, the Company took steps to secure the relevant environment, including proactively taking certain systems offline and implementing other mitigation measures. The Company also launched an investigation with the assistance of leading cybersecurity experts and notified law enforcement.
Ingram Micro is working diligently to restore the affected systems so that it can process and ship orders, and the Company apologizes for any disruption this issue is causing its customers, vendor partners, and others."

As of 9th of July 2025, Palo Alto Networks denied reports that its GlobalProtect VPN was involved in the attack, claiming that none of its products were the source of the vulnerability or impacted by the breach.

As of 30th of July, the SafePay ransomware gang is threatening to leak 3.5TB allegedly stolen from Ingram Micro. The company has not confirmed that SafePay ransomware was behind the breach and has not disclosed if attackers stole data.

As of 19th of January 2026, Ingram Micro reports that the ransomware attack compromised personal data of 42,521 employees and job applicants. Exposed data includes:

names,
contact information,
dates of birth,
Social Security numbers,
passport numbers,
driver's license numbers.

Global IT Distributor Ingram Micro suffers outage disrupting global operations, suspected ransomware

Read More
INC Ransomware gang claims responsibility for attack on …
Invoicely leaks nearly 180,000 files containing sensitive financial …
Groupe IDEA hit by LockBit ransomware gang attack …
Gaia Software reports data breach exposing personal and …
LastPass stolen seed phrases used to steal $4.4 …