Cybersecurity incident disrupted IKEA operations across multiple countries just before Black Friday
The IKEA ransomware attack that struck just two days before Black Friday in late 2024 has cost Fourlis Group, the company operating IKEA stores in several European countries, tens of millions of dollars. The attack specifically impacted IKEA assets in Greece, Cyprus, Bulgaria, and Romania.
In a recent financial report, Fourlis Group disclosed that the cyberattack severely disrupted its furnishing segment, which includes all IKEA retail operations under its management. The company confirmed that these disruptions were temporary but had a significant short-term impact on business performance.
Two-week disruption to systems and services
Local media reports revealed that the cyberattack caused operational issues that lasted for over two weeks. It disrupted both online store functionality and the customer management system, key components of IKEA’s sales and service infrastructure in the affected regions.
€15 million in lost sales reported
According to Fourlis Group’s financial statement, the IKEA ransomware attack directly caused a €15 million ($17 million) drop in sales during the affected period.
“In late 2024, we faced a cybersecurity incident that temporarily disrupted operations. However, we responded swiftly and effectively, protecting data, restoring systems, and safeguarding the Group’s profitability,”
— Fourlis CEO, as quoted in the company’s press release
Company confirms full recovery by March 2025
Fourlis has confirmed that as of March 2025, all its IT systems were fully restored. The press release emphasizes that the impact of the attack has now been completely eliminated.
No ransom payment made, attackers remain unidentified
The company reportedly did not pay any ransom to the attackers. Instead, it chose to absorb the damage and focus on reinvesting in IT infrastructure. This approach raises concerns, as data exfiltration is common in ransomware attacks, and attackers often publish stolen data if no ransom is paid.
To date, no ransomware group has claimed responsibility for the incident.
IKEA has faced ransomware attacks before
This is not the first time that IKEA stores have been targeted. In 2022, the ransomware group Vice Society breached IKEA locations in Morocco and Kuwait, listing the company on its dark web leak site.
