Avnet Confirms 1.3TB Data Breach, Claims Stolen Files Are “Unreadable”

The American electronics distributor Avnet has confirmed a data breach, but stated that the stolen information cannot be read without the company’s proprietary internal tools. In a statement to BleepingComputer, an Avnet representative reported that unauthorized access had been gained to a database hosted on an external service, linked to its regional operations in Europe, the Middle East, and Africa (EMEA). According to the spokesperson, attackers compromised a cloud repository supporting an internal sales application, while the company’s core systems remained secure and unaffected.

Avnet, a Fortune 500 corporation, operates distribution and engineering centers in 125 countries, employs roughly 15,000 people, and reports an annual revenue of around $22 billion. Sources cited by BleepingComputer claim that the hacker responsible for the attack boasted of stealing 1.3 terabytes of compressed data (equivalent to 7–12 terabytes uncompressed), including records from Avnet’s EMEA operations and other regions. The attacker alleged that the breach was discovered on September 26, prompting the company to immediately rotate all Azure and Databricks access keys, a process reportedly completed the same day. No further signs of malicious activity were observed afterward.

The hacker, by his own admission, was motivated solely by financial gain. He launched a darknet site where he published samples of the stolen files to pressure the company into paying a ransom. Among the leaked materials were plain text files containing personal data. Avnet confirmed the presence of such files but clarified that they contained no sensitive information qualifying under GDPR. The majority of the compromised data, according to the company, consisted of historical sales records, lists of potential clients, and employee contact details, including corporate email addresses.

Avnet emphasized that the incident was limited to a single cloud service and did not impact its global network operations. The company has notified regulatory authorities and pledged to directly contact all customers and partners whose data may have been exposed. The exact number of affected individuals has yet to be determined.

Support Our Threat Intelligence

If you find our technology report and cybersecurity news helpful, consider supporting our work.

Buy Me a Coffee PayPal Crypto

USDT (TRC20):

TN8BdV8cp4T1Cd28gK9qTAnZknzzuwyUtm Copy

USDT (ERC20):

0x3725e1a7d3bc5765499fa6aaafe307fabcd75bce Copy