Electronic components distributor Avnet suffered a data breach after unauthorized actors accessed an externally hosted cloud storage supporting an internal sales tool in the EMEA region. The attackers exfiltrated 1.3TB of compressed data (7–12TB raw), including sensitive operational details and personally identifiable information (PII). While Avnet claimed the stolen data was unreadable without proprietary tools, leaked samples on a dark web ransomware site revealed plaintext PII, contradicting the company’s statement.The breach was detected on September 26, prompting Avnet to rotate credentials in its Azure/Databricks environments, but no public disclosure was made initially. The threat actor, motivated by financial gain, demanded a ransom and published data samples to pressure the company. Avnet confirmed the incident was isolated to a single EMEA system, with no disruption to global operations, but the number of affected individuals remains unknown. Authorities were notified, and impacted customers/suppliers are being contacted directly. The attacker’s ransomware leak site suggests potential escalation if demands are unmet.
TPRM report: https://www.rankiteo.com/company/avnet-apac
"id": "avn0892508100725",
"linkid": "avnet-apac",
"type": "Breach",
"date": "9/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Unknown (direct notification '
'planned for impacted '
'customers/suppliers)',
'industry': 'Electronic Components Distribution',
'location': 'Global (Headquartered in USA; breach '
'limited to EMEA region)',
'name': 'Avnet',
'size': '15,000 employees, Fortune 500',
'type': 'Public Company'}],
'attack_vector': ['Cloud Storage Compromise',
'Internal Sales Tool Exploitation'],
'customer_advisories': 'Direct notification planned',
'data_breach': {'data_encryption': 'Partial (some data requires proprietary '
'tools; PII samples in plaintext)',
'data_exfiltration': '1.3TB compressed (7-12TB raw)',
'personally_identifiable_information': True,
'sensitivity_of_data': 'High (includes PII in plaintext)',
'type_of_data_compromised': ['Operational Data',
'Personally Identifiable '
'Information (PII)']},
'date_detected': '2023-09-26',
'description': 'Electronic components distributor Avnet suffered a data '
'breach after unauthorized actors accessed an internal sales '
'tool hosted in cloud storage in the EMEA region. The breach '
'involved 1.3TB of compressed data (7-12TB raw), including '
'sensitive and personally identifiable information (PII). '
'While Avnet claimed most data is unreadable without '
'proprietary tools, samples shared by the threat actor '
'included plaintext PII. The company detected the breach on '
'September 26, 2023, and initiated secret rotation in '
'Azure/Databricks environments without public disclosure. The '
'threat actor, motivated by financial gain, set up a dark web '
'leak site to pressure Avnet into paying a ransom.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'PII exposure and dark web leak threats',
'data_compromised': ['Operational Data (EMEA and other regions)',
'Personally Identifiable Information (PII)'],
'identity_theft_risk': 'High (PII exposed in plaintext samples)',
'operational_impact': 'Limited to single system in EMEA; no '
'disruption to global operations',
'systems_affected': ['Externally hosted cloud storage (EMEA '
'internal sales tool)']},
'initial_access_broker': {'data_sold_on_dark_web': 'Leak site established for '
'ransom pressure',
'entry_point': 'Externally hosted cloud storage '
'(EMEA internal sales tool)',
'high_value_targets': ['EMEA operational data',
'PII']},
'investigation_status': 'Ongoing (company investigating; authenticity of '
'leaked data unconfirmed)',
'motivation': 'Financial',
'post_incident_analysis': {'corrective_actions': ['Secret rotation in '
'Azure/Databricks']},
'ransomware': {'data_encryption': 'No (data exfiltration-focused; some data '
'encrypted with proprietary tools)',
'data_exfiltration': True,
'ransom_demanded': True},
'references': [{'source': 'BleepingComputer'}],
'regulatory_compliance': {'regulatory_notifications': 'Authorities informed '
'(specific regulations '
'unspecified)'},
'response': {'communication_strategy': ['Direct notification to impacted '
'customers/suppliers',
'Statement to BleepingComputer'],
'containment_measures': ['Rotation of secrets in '
'Azure/Databricks environments'],
'incident_response_plan_activated': True,
'law_enforcement_notified': True},
'stakeholder_advisories': 'Impacted customers and suppliers to be contacted '
'directly',
'threat_actor': {'leak_site': 'Dark Web',
'motivation': 'Financial',
'ransom_demanded': True},
'title': 'Avnet Data Breach in EMEA Region',
'type': ['Data Breach', 'Unauthorized Access']}