Date: 2026-01-16

Cloud marketplace and distributor Pax8 has issued a warning about a security breach that saw data on around 1,800 customers exposed.

An email was sent to 40 of the company's UK-based managed service provider (MSP) customers with an attachment generally used for day-to-day operational reporting.

This contained Pax8 pricing and program-related information associated with 17 stock-keeping units within four Microsoft Modern Work product categories.

Almost all the customers whose data was shared were UK-based, with one located in Canada.

The email, titled "Potential Business Premium Upgrade Tactic to Save Money," was sent on January 13 and contained more than 56,000 entries in all. A follow-up email was sent immediately requesting deletion of the email, and asking recipients not to forward it.

Pax8 insists the breach did not involve any personally identifiable information (PII), authentication credentials, payment data, or any information that could enable system access.

However, the leaked data could reveal the MSP’s full client portfolio, what licenses they hold, and when these are due to expire, along with internal Pax8 pricing and margin information, to the 40 competitors with which it was shared.

Threat actors are approaching affected MSPs

The data leak could help the victims' competitors poach customers by revealing which organizations use Pax8 as their distributor, the size of each customer's Microsoft environment, the timelines for contract renewal, and potentially the pricing tiers being paid.

A more sinister development has unfolded in the wake of the incident, however, with cyber criminals apparently capitalizing on the situation. According to reports from BleepingComputer, threat actors have approached some of the affected MSPs and offered to buy the data.

This information could be used by cyber criminals to craft convincing phishing attacks, for example by allowing an attacker to email a company just before their contract renewal date, pretending to be their MSP and requesting payment.

The company said it has launched an internal review to work out how the breach happened and plans to ramp up its safeguards and processes to prevent a similar incident taking place in the future.

Access instructions have now been sent to affected partners, the company revealed, allowing them to securely review information that may have been shared.

That access will be limited to the Pax8 Marketplace Primary Partner Admin and/or Partner Admin for each organization.

"Our focus continues to be on responding directly to partner questions and supporting impacted partners as they review their data and follow up with us," said the firm. "In parallel, our internal review remains ongoing as we continue to strengthen safeguards and processes."

Pax8 said partners with questions or concerns should submit a Support ticket through the Pax8 Marketplace referencing UK Partner Information Incident – Jan 13, 2026.

