Prolonged power outage lasting over 14 hours at Ingram Micro ceases customer orders worldwide.
Ingram Micro, a leading IT distributor, is currently experiencing widespread outages across its websites and client service portals, following a ransomware attack involving the SafePay malware. The incident was initially detected on July 3, 2025, at around 8:00 AM Eastern Time.
The attack exploited vulnerabilities in Ingram Micro's legacy systems and misconfigurations within its business applications, facilitating the ransomware's infiltration and lateral movement across internal networks. In response, the company took certain systems offline proactively to contain the threat, which further contributed to the outage.
The outage has caused major disruptions in both internal operations and customer-facing services. Partners and managed service providers have been unable to place orders, manage services, or access client portals. The attack lasted approximately 48 hours, significantly affecting global supply chain operations. With Ingram Micro reporting a revenue of $12.28 billion in Q1 ended March 29, 2025, the downtime threatened a daily sales loss estimated at over $136 million during the outage period.
The recovery involves isolating affected systems and deploying emergency patches under expert guidance while managing the impact on global supply chains and customer services. Ingram Micro has communicated the incident publicly, apologising for the disruption and confirming ongoing efforts to restore systems with the help of cybersecurity experts and law enforcement.
However, there has been a lack of communication from Ingram Micro regarding the ongoing outages, with customers expressing concerns about the lack of updates. Attempts to contact sources within the company via email and phone have been unsuccessful. The Ingram Micro UK website is currently displaying a maintenance splash page, and local websites are providing contact details for sales and customer service teams.
Some Reddit users have speculated that the outages may be due to malicious activity, with emails to account managers reportedly bouncing back. As of the time of reporting, Ingram Micro has not responded to requests for more information. The Ingram Micro mobile app is reportedly working but purchases are not completing.
This is a developing story, with updates expected to be provided as they become available. Ingram's partner portal is currently unavailable, affecting the management of Microsoft 365 licenses, Dropbox licenses, hardware purchases, and more. The outages began around 2000 UTC on the previous day, as reported by Reg readers and social media.
Sources: [1] The Register: Ingram Micro hit by ransomware attack, confirms outage [2] ZDNet: Ingram Micro suffers ransomware attack, confirms outage [3] CRN: Ingram Micro Hit by Ransomware Attack, Suffers Global Outage [4] BleepingComputer: Ingram Micro hit by ransomware attack, confirms outage, says systems are being restored
- The ransomware attack on Ingram Micro, a leading IT distributor, involved the penetration and movement of the SafePay malware across its legacy systems and misconfigured business applications, which are integral components of hardware and software technology.
- The finance industry is significantly impacted by the outages, as Ingram Micro's downtime poses a daily sales loss of over $136 million, and businesses rely on its platforms for Microsoft 365 licenses, Dropbox licenses, and hardware purchases, sectors that constitute crucial parts of the technology-driven business landscape.
- As technology companies in the cloud industry continue to evolve and integrate AI solutions, the implications of this cyberattack underscore the growing importance of safeguarding vital data infrastructures, for without robust security measures, businesses may face similar disruptions and potential loss in the digital era.
- The success of Ingram Micro in restoring its cloud-based services, client portals, and websites will depend on the effective collaboration between the company, cybersecurity experts, and law enforcement to identify vulnerabilities, deploy emergency patches, and manage the subsequent recovery process, with updates assured to the wider industry and customers.
