Ingram Micro Americas $50-$1,500 Data Breach Settlement for Compromised Personal Data

In July 2025, Ingram Micro Americas — a major global IT distributor — disclosed a data breach that exposed customers’ and partners’ personal information, prompting a class action that has been resolved with a proposed settlement offering claimants $50 to $1,500 (deadline 5/19/26; no proof of loss required). Plaintiffs alleged the company failed to adequately protect sensitive data and to provide timely notice as required by state breach-notification statutes; the settlement is meant to compensate impacted individuals and avoid protracted litigation. For affected people the no-proof requirement lowers the bar to recovery, but the modest payout range reflects a common outcome where broad harms are hard to quantify for each claimant. This case fits a larger pattern of litigation and enforcement following high-profile incidents (Equifax, Target, supply-chain compromises like SolarWinds) that spotlight vendor risk and the cascading effects of breaches in the technology supply chain. Regulators and laws — from the FTC’s unfair-practices authority to state privacy statutes and, for EU residents, GDPR — increasingly push companies toward stronger cybersecurity, vendor oversight, breach-prevention measures, and faster notification; settlements like this one both penalize security lapses and create incentives for firms to invest in controls to avoid similar class actions.