Cloud marketplace Pax8 has confirmed a significant data leak involving internal business information for approximately 1,800 managed service provider partners. On January 13, 2026, an email mistakenly sent to fewer than 40 UK-based partners included a spreadsheet detailing customer organization names, Microsoft licensing data, and other sensitive information. Pax8, which operates in 18 countries and has over 47,000 partners worldwide, reported that while the leaked data did not contain personally identifiable information, it could still expose pricing strategies and business practices. The company is taking immediate actions, including contacting recipients for deletion of the email and conducting follow-up calls to prevent further dissemination of this sensitive data. Reports indicate that threat actors are already attempting to purchase copies of the exposed dataset, which could be exploited for competitive intelligence or targeted cyber attacks.
Pax8 has reported significant growth in the EMEA region, expanding its partner base and introducing new AI initiatives. The company added thousands of partners across Europe in 2025, growing its global partner network to over 47,000, and achieving a remarkable three-year revenue increase of 239%. To enhance local engagement, Pax8 opened new offices in Zurich and Dublin, deploying local sales teams to support partners directly.
Cork Cyber has announced a partnership with Pax8, allowing managed service providers (MSPs) to purchase its Cyber Risk Intelligence Platform, Cork Vantage, directly through the Pax8 Marketplace starting January 15, 2026. Cork Vantage integrates with over 100 cyber tools to provide unified visibility into cyber risk across clients and endpoints, along with financial resilience offerings, including coverage for wire fraud and ransomware recovery costs. This collaboration aims to streamline the purchasing process for MSPs, enabling them to manage risk and validate their security posture through a single billing channel. Cork Cyber’s solutions are now accessible via the Pax8 platform, which is designed to enhance the operational clarity for MSPs while helping them deliver comprehensive protection to their clients.
Why do we care?
Pax8 didn’t set out to expose partner data. But intent doesn’t matter once you’re a control point. And Pax8 is a control point now—commercially, operationally, and increasingly strategically.
The leak itself isn’t the headline. The headline is that email was still a viable failure mode for distributing ecosystem-wide intelligence. That tells you where the governance maturity line currently sits.
Now layer in growth. Tens of thousands of partners. Rapid EMEA expansion. New offices. AI initiatives. Security tooling partnerships. That’s a company moving fast—and becoming more central to how MSPs operate.
Here’s the bad MSP behavior this triggers: assuming that because Pax8 is trusted, risk is handled. It isn’t. It’s redistributed.
When threat actors try to buy leaked partner data, they’re not looking for credit cards. They’re looking for leverage—who uses what, who buys where, and who can be pressured or impersonated.
And when Cork Cyber sells risk intelligence through the Pax8 marketplace, the irony should not be lost. Risk visibility is only as good as the platform delivering it. The uncomfortable truth is that most MSPs can’t negotiate liability, can’t meaningfully exit at scale, and are still expected to explain failures they had no power to prevent.
This matters now because MSPs are building more of their business on shared infrastructure they don’t control. That’s fine—until something breaks. And when it does, the client doesn’t call Pax8. They call you.
If you benefit from platform scale, you must also plan for platform failure. If you don’t, you won’t just inherit the risk—you’ll be accountable for explaining it.