- Pax8 employee mistakenly emailed spreadsheet exposing data of around 1,800 customers
- File contained 56,000 entries with organization names, SKUs, licenses, and renewal dates
- Pax8 requested deletion; criminals reportedly attempted to buy the leaked list
Pax8, a cloud commerce marketplace for Managed Service Providers (MSP), has confirmed that it inadvertently exposed sensitive data on approximately 1,800 of its customers after an employee mistakenly sent an email with an attachment.
The company notified affected businesses about the incident in a follow-up email.
“Earlier today, 13 January 2026, a Pax8 employee mistakenly sent an email with an attached spreadsheet to fewer than 40 UK-based partners,” the email stated. “The attachment did not contain personally identifiable information. However, the file included limited internal business information reflective of your Pax8 pricing and some Microsoft program management.”
Millions in Damages
The email, titled “Potential Business Premium Upgrade Tactic to Save Money”, included internal pricing and Microsoft program information primarily affecting UK businesses, along with one in Canada.
After reaching out to a few recipients, BleepingComputer learned that the attached CSV file contained customer organization names, Microsoft SKUs, license counts, and New Commerce Experience (NCE) renewal dates.
The document included over 56,000 entries, detailing:
- Partner Name and ID
- Customer Name and ID
- Vendor Name and Product Name
- Gross & Net Bookings
- Currency Total Quantity
- Territory
- Account Owner
- Provision Date
- Cancelled Book Date
- Postal Code
- Transaction Type
- Commitment Term End Date
Pax8 stated that the leak will not affect Marketplace availability or security controls and has reached out to all recipients, requesting the emails be deleted and not further distributed.
Reports indicate that cybercriminals have been contacting recipients, attempting to purchase the leaked list. Fortunately, the information has not yet appeared on the dark web, suggesting that it has not been sold.
Pax8 currently has over 47,000 partners globally and operates in 18 countries.