395/68 Thursday, October 9, 2025
Avnet, a leading U.S.-based distributor and designer of electronic components with operations in over 125 countries, has confirmed a data breach after unauthorized actors gained access to a database hosted on an external cloud service used in the Europe, Middle East, and Africa (EMEA) region. The company emphasized that the stolen data cannot be read without Avnet’s proprietary tools, and that its core systems remain unaffected by the incident.
Hackers claimed to have stolen over 1.3 terabytes of data, including operational information from multiple regions, and published samples on the dark web to pressure Avnet into paying ransom. According to the company, most of the stolen data consists of sales histories, marketing opportunities, and customer contact lists such as employee emails—information that does not qualify as sensitive personal data under GDPR.
Avnet clarified that the breach was limited to a single system within the EMEA region and had no impact on its global operations. After detecting the attack on September 26, 2025, the company immediately reset all credentials and passwords associated with its Azure/Databricks environment, reported the incident to relevant authorities, and is preparing to notify customers and partners directly affected by the breach.
