Pax8 Data Leak Exposes 1,800 MSP Partners
Learn More
Cloud commerce marketplace Pax8 accidentally leaked internal business data on January 13, 2026. An employee sent an email titled "Potential Business Premium Upgrade Tactic to Save Money" to fewer than 40 partners in the United Kingdom. This email included a CSV spreadsheet meant for internal use only. The file contained sensitive details of approximately 1,800 managed service providers (MSPs) and their customers, primarily located in the UK and Canada.
The leaked file had over 56,000 entries. The exposed data items include:
- Partner names and IDs
- Customer names and IDs
- Microsoft SKUs and license counts
- Gross and net bookings
- Contract renewal dates (NCE)
- Postal codes and territories
- Account owner names and IDs
- Vendor and product names
- Transaction types and commitment terms
Pax8 claims the file did not contain personally identifiable information (PII), but the leak can be used by competitors with the present pricing and renewal dates to target and poach clients.
Reports indicate that threat actors are already trying to buy copies of the dataset from the recipients. Criminals can use this list to build better phishing attacks or time extortion attempts to match contract renewals.
Pax8 tried to recall the email immediately after the mistake. They asked all recipients to delete the file and confirm they did not share it. The company is now calling each recipient to ensure the data is destroyed.
