Pax8 Accidentally Exposes MSP Customer and Microsoft Licensing Data in Email Mishap
Cloud marketplace and distributor Pax8 has confirmed an accidental data exposure after an internal email containing a spreadsheet with sensitive business information including MSP customer and Microsoft licensing data was mistakenly sent to fewer than 40 UK-based partners on January 13, 2026.
The email, titled "Potential Business Premium Upgrade Tactic to Save Money," was sent by an EMEA-based strategic account manager and included a CSV attachment with internal pricing and Microsoft program details affecting approximately 1,800 partners, primarily in the UK, with one in Canada. Recipients reported that the file contained customer organization names, Microsoft SKUs, license counts, and New Commerce Experience (NCE) renewal dates, along with over 56,000 entries detailing fields such as:
- Partner and customer names/IDs
- Vendor and product names
- Gross and net bookings
- License quantities and commitment terms
- Postal codes and account ownership details
Pax8 immediately attempted to recall the email and followed up with recipients, requesting deletion of the message and attachment. The company stated that the file did not contain personally identifiable information (PII) but included confidential business data, such as pricing structures and Microsoft program management details information typically restricted to the MSP and Pax8.
In a follow-up notice, Pax8 confirmed it had contacted all recipients directly, required confirmation of deletion, and launched an internal review to prevent future incidents. The company emphasized that the exposure posed no impact to marketplace security or availability.
However, threat actors have reportedly begun targeting affected MSPs, attempting to purchase copies of the exposed dataset. The leaked information could be valuable to competitors revealing customer portfolios, contract renewal timelines, and pricing tiers or to cybercriminals, who could use it to craft targeted phishing campaigns, business email compromise (BEC) attacks, or extortion attempts tied to license renewals.
Pax8, a fast-growing cloud commerce platform with 1,700+ employees, 47,000+ partners, and $2 billion in annual revenue, operates in 18 countries and has seen significant expansion in Europe. The company later confirmed the incident to BleepingComputer, aligning with its public statements.
Pax8 TPRM report: https://www.rankiteo.com/company/pax8
"id": "pax1768401344",
"linkid": "pax8",
"type": "Breach",
"date": "1/2026",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'customers_affected': 'Approximately 1,800 partners '
'(primarily UK-based, one in '
'Canada)',
'industry': 'Technology, Cloud Services',
'location': 'Global (HQ in Denver, Colorado, USA)',
'name': 'Pax8',
'size': '1,700+ employees, $2B+ annual revenue',
'type': 'Cloud Marketplace and Distributor'}],
'attack_vector': 'Accidental Disclosure',
'customer_advisories': 'Partners notified via email, public disclosure via '
'BleepingComputer',
'data_breach': {'data_exfiltration': 'Potential (threat actors reportedly '
'seeking the dataset)',
'file_types_exposed': 'CSV',
'number_of_records_exposed': '56,000+ entries',
'personally_identifiable_information': 'No',
'sensitivity_of_data': 'Medium (no PII, but sensitive '
'business and licensing data)',
'type_of_data_compromised': 'Internal business information, '
'Microsoft licensing data, '
'customer organization details, '
'partner pricing information'},
'date_detected': '2026-01-13',
'date_publicly_disclosed': '2026-01-13',
'description': 'Pax8 mistakenly sent an email to fewer than 40 UK-based '
'partners containing a spreadsheet with internal business '
'information, including MSP customer and Microsoft licensing '
'data. The file included details such as customer organization '
'names, Microsoft SKUs, license counts, and New Commerce '
'Experience (NCE) renewal dates.',
'impact': {'brand_reputation_impact': 'Yes',
'data_compromised': 'Internal business information, Microsoft '
'licensing data, customer organization names, '
'Microsoft SKUs, license counts, NCE renewal '
'dates, partner and customer IDs, vendor and '
'product names, gross & net bookings, '
'currency, territory, account owner details, '
'provision dates, cancelled book dates, postal '
'codes, transaction types, commitment term end '
'dates',
'identity_theft_risk': 'No (no PII exposed)',
'operational_impact': 'Potential competitive disadvantage due to '
'exposure of pricing and licensing details'},
'initial_access_broker': {'data_sold_on_dark_web': 'Potential (threat actors '
'reportedly seeking the '
'dataset)'},
'investigation_status': 'Ongoing (internal review)',
'post_incident_analysis': {'corrective_actions': 'Internal review to prevent '
'recurrence, enhanced '
'training or safeguards for '
'sensitive data handling',
'root_causes': 'Human error (accidental email '
'disclosure)'},
'references': [{'date_accessed': '2026-01-13', 'source': 'BleepingComputer'}],
'response': {'communication_strategy': 'Follow-up email to partners '
'acknowledging the error and '
'requesting deletion, public notice '
'via BleepingComputer',
'containment_measures': 'Email recall, direct contact with '
'recipients to request deletion, '
'confirmation of deletion and '
'non-forwarding, 1:1 follow-up calls',
'incident_response_plan_activated': 'Yes',
'remediation_measures': 'Internal review to determine cause and '
'prevent recurrence'},
'stakeholder_advisories': 'Partners advised to delete the email and '
'attachment, no further action required',
'title': 'Pax8 Accidental Disclosure of Internal Business and Microsoft '
'Licensing Data',
'type': 'Data Leak'}