Let’s update on Ingram Micro’s system restoration. Ingram Micro has begun the process of reactivating customer ordering capabilities following a ransomware attack that temporarily disabled its systems. The company announced that it is gradually restoring these capabilities region by region, stating that the unauthorized access to its systems is now contained and affected systems have been remediated. Ingram Micro, which generates approximately $190 million in revenue each working day, confirmed that while customers can start placing orders for subscriptions and products via phone and email, hardware orders remain limited. The distributor reported revenues of $12.28 billion in its most recent quarter, highlighting the financial impact of the downtime. However, customers have expressed concerns about the lack of communication from Ingram Micro regarding the ongoing situation and the potential impact on data security. The company had attributed the outage to a ransomware attack, which was claimed by the SafePay group.
Why do we care?
Ingram Micro’s ransomware recovery is moving forward, but the bigger story may be how they’ve handled the breach publicly—or more accurately, how they haven’t.
Ingram’s initial response was silence. It took days before they confirmed a ransomware attack, leaving partners in the dark as orders piled up and customer frustration grew.
Even now, Ingram has offered no insights into how the breach occurred, what systems were compromised, or whether customer/vendor data was accessed or exfiltrated. For a company doing $190M in daily revenue, that’s a troubling lack of communication.
For MSPs and resellers reliant on Ingram for hardware and subscriptions, this wasn’t just an inconvenience—it disrupted supply chains and strained customer trust. Many had to scramble for alternative distributors or delay deployments, all while fielding tough questions from their clients.
Some will argue Ingram is playing it safe on legal advice, particularly if an investigation or regulatory process is underway. But in today’s environment, silence erodes trust faster than it protects liability. Compare this to other major vendors who’ve experienced attacks but communicated quickly and clearly—even if the initial details were limited.
This is also a reminder for MSPs: you are judged by how you communicate in a crisis, not just how fast you restore systems.
Ask tough questions now:
- Does your distributor have a clear incident response and disclosure plan?
- Do you have multi-distributor procurement strategies to avoid single points of failure?
- Can you communicate more effectively to your own customers than Ingram has?
This incident isn’t just about Ingram—it’s a case study in how not to manage breach communications. The MSPs who learn from it will be better positioned when—not if—they face similar pressure.