Ingram Micro Hit by Ransomware Attack Amidst AT&T Breach Settlement
Ingram Micro Hit by Ransomware Attack Amidst AT&T Breach Settlement
On July 5, 2025, Ingram Micro, a leading IT solutions distributor, fell victim to a ransomware attack launched by the SafePay group, resulting in a significant operational shutdown. Exploiting a vulnerability in Ingram's VPN platform, attackers employed a password spraying technique to gain access, leading to a reported loss of up to $136 million per day during the downtime. The ransomware infection was confirmed on July 5, marking a critical point in the ongoing incident, which is expected to last through July 9.
In a separate but equally impactful event, AT&T received preliminary approval for a $177 million settlement linked to two significant data breaches impacting over 183 million customers. Sensitive data, including Social Security numbers and birth dates, was exposed in these incidents, highlighting the ongoing challenge of data protection in large organizations.
Also In Security Today
- Microsoft SharePoint Vulnerability: Microsoft reported a critical remote code execution vulnerability (CVE-2025-53770) affecting on-premise SharePoint servers. Organizations are urged to apply patches immediately as the vulnerability has been actively exploited.
- CitrixBleed 2 Proof-of-Concept Release: A proof-of-concept exploit for "CitrixBleed 2" has been released, allowing attackers to compromise Citrix NetScaler devices. This vulnerability poses risks particularly to sectors like finance and healthcare.
- Ongoing Ransomware Threats: The SafePay ransomware group continues to exploit vulnerabilities in VPN platforms, emphasizing the necessity for proactive security measures.