Avnet, one of the world’s largest electronic components distributors, has confirmed a cybersecurity incident impacting an externally hosted cloud storage environment supporting an internal sales system in the Europe, Middle East, and Africa (EMEA) region. The company stated that the stolen information cannot be easily read without access to its proprietary sales tool, which remains secure and unaffected by the breach.
A company spokesperson said Avnet detected unauthorized access on September 26 and immediately began rotating all credentials and secrets across its Azure and Databricks environments. The company added that the incident was contained the same night and that no further signs of malicious activity were observed afterward.
“Avnet recently identified unauthorized access to externally hosted cloud storage supporting an internal sales tool used in EMEA,” the spokesperson said. “Most of the data is not easily readable without access to Avnet’s proprietary sales tool, which remains secure and was not impacted by this event.”
Avnet, headquartered in Phoenix, Arizona, operates in over 125 countries with approximately 15,000 employees and reported annual revenue of $22 billion. The company emphasized that the incident was confined to a single external system and did not disrupt its global operations or other business systems.
Exfiltrated Data Includes Plaintext Samples but No Sensitive Identifiers
According to Avnet, while portions of the stolen data were found in plaintext, the majority of exfiltrated records cannot be interpreted without access to its proprietary tool. The plaintext data reportedly included some personally identifiable information (PII), though the company clarified that none of it met the definition of sensitive information under the General Data Protection Regulation (GDPR).
Avnet said the majority of the dataset comprises historical point-of-sale records, sales opportunity data, and customer contact information such as employee email addresses. These records were stored in a database hosted by a third-party service provider and used to support internal sales functions for the EMEA region.
A threat actor who claimed responsibility for the attack has published samples of the stolen data on the dark web to pressure Avnet into paying a ransom. The actor stated that their motives were purely financial and warned that they would leak additional data if payment demands were ignored.
However, Avnet confirmed it has not engaged in ransom discussions and has instead reported the breach to law enforcement and regulatory bodies. The company is now working with cybersecurity experts to verify the scope of the incident and assess the potential impact on customers and suppliers.
Threat Actor Activity and Company Response to Prevent Escalation
The unidentified threat actor set up a leak site to publish sample data and pressure Avnet into payment. The company responded by initiating full credential rotations, securing access to affected assets, and verifying that its proprietary sales application remained uncompromised.
Avnet said its investigation indicates the attack was limited to one cloud-hosted environment. No evidence has emerged to suggest that internal systems, networks, or production environments were breached. The company noted that despite the limited scope, it acted swiftly to ensure containment and minimize operational disruption.
“Most of the stolen data cannot be accessed or interpreted without our internal tool,” Avnet reiterated, adding that “no sensitive customer or supplier data, as defined under regulatory standards, was compromised.”
Cybersecurity experts note that even partially readable data can be leveraged in social engineering or phishing campaigns, especially when contact details or transactional information are exposed. Avnet has therefore advised partners and clients to remain cautious about unsolicited messages and verify communications from Avnet through official channels.
Investigation and Ongoing Notifications to Impacted Stakeholders
Avnet has confirmed that the incident was reported to relevant authorities and said it will directly notify all impacted customers and suppliers once investigations conclude. The company added that it is conducting a forensic review to determine whether any decrypted or reconstructed data has surfaced and to identify which records may have been accessed or exfiltrated.
The company stated that it has already taken “comprehensive steps to secure affected systems, rotate credentials, and restrict access” to prevent similar incidents in the future. Avnet has also begun cooperating with law enforcement agencies and cybersecurity regulators to ensure compliance with applicable breach disclosure obligations.
The company has not disclosed the total number of affected individuals but said it is actively assessing the scale and preparing notifications in accordance with data protection laws. Avnet emphasized that the attack did not affect its core operations or cause business interruptions beyond the affected EMEA system.
“Avnet is continuing to evaluate the nature and extent of the data accessed,” the spokesperson added. “We are also in the process of directly contacting any customers or suppliers whose data may have been involved in the incident.”
Broader Implications of External Cloud Vulnerabilities
The breach underscores an increasing trend in which attackers exploit cloud-hosted environments that store internal business data but sit outside traditional corporate perimeters. These environments, often used for analytics or regional sales support, can contain valuable information that becomes a target when authentication or access controls are not consistently enforced.
Security analysts highlight that even if data is stored in unreadable formats, it can still be weaponized by adversaries with time, resources, or knowledge of the system’s structure. Organizations relying on third-party hosted environments are therefore urged to maintain continuous monitoring, ensure regular credential rotations, and implement strong identity controls.
Avnet’s rapid detection and containment efforts have helped prevent further compromise, but the incident adds to a growing list of supply-chain and cloud-exposure breaches observed across global enterprises in 2025.
