- Global furniture retail company IKEA’s Kuwait and Morocco franchises were compromised by the Vice Society ransomware gang, resulting in disruptions for certain operating systems.
- The ransomware group Vice Society added both IKEA franchises on its leak site with the shared file names suggesting the theft of business and employee data, as well as information from Jordan-based IKEA outlets.
- Ikea confirmed the attacked and informed that an investigation of the incident is ongoing. The company highlighted that the attack impacted only its independent Kuwait-based franchises.
IKEA’s stores in Morocco and Kuwait have suffered a ransomware attack claimed by the Vice ransomware gang. The cybercrime group has published a list of victims and some samples of stolen data on the dark web.
Independently operated
IKEA is a major furniture company that originated in Sweeden. The company has 420 stores spread across 50 countries. However, IKEA shops in Morocco and Kuwait are independently operated. On a recent dark web blog, it appeared that data belonging to retail giant IKEA has been published on the dark web blog of the data extortion group Vice Society.
The alleged data seemed to be stolen from the company’s systems a few weeks ago and posted online last week. File and folder names suggested that the hackers stole employee data and may have additional information taken from IKEA outlets in Jordan as well. The company confirmed the incident in a Twitter post online.
بيان من ايكيا الكويت
Statement from IKEA Kuwait pic.twitter.com/kPhntHrZCb— IKEA Kuwait (@ikeakuwait) November 29, 2022
According to the attack date, the incident is not recent. As ransom group Vice Society posted the stolen sensitive files to its data leak website which means that the negotiations likely have already been interrupted and that the company did not meet the ransom demands. IKEA has emphasized in its statement that the attack impacting both franchises, which is owned by an independent Kuwait-based franchisee, has not impacted other IKEA retailers around the world.
This is the second time the giant furniture retailer suffered from a cyberattack within a year. Last year, in a reply-chain email attack, cyber attackers took corporate credentials from the company’s network and used them to reply to emails with phishing links to malicious documents that install malware on recipients’ devices.