IKEA confirms it was hit in significant cyberattack

Vice Society isn’t an 80s teen drama, but a persistent threat to customer data.

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Swedish furniture powerhouse Ikea has confirmed some of its shops in North Africa and the Middle East fell victim to aransomwareattack by the ransomware gang Vice Society.

“IKEA Morocco and Kuwait faced a cyber attack, causing disruptions on someoperating systems. The attack is being investigated in collaboration with the competent authorities as well as our cybersecurity partners,” the company said in a Twitter post reported byCybernews.

IKEA also noted that these shops are under the Kuwaiti franchise, and thus separate from other IKEA companies around the world.

Sensitive data leaks

IKEA’s headquarters are in the Netherlands and has three stores in Kuwait and four in Morocco.

The attack is not recent, in all likelihood, as Vice Society has already added the sensitive files stolen in the attack to its data leak website. That likely means that the negotiations have already broken down and that the company did not meet the ransom demands.

Cybernews analyzed the data that was posted and says that some of the file names there suggest an IKEA store in Jordan was compromised, as well. The company operates two stores in that country. The data leaked might include employee passport data, it was said.

Ikea email systems bombarded by phishing attacks>What is ransomware and how does it work?>Check out our list of the best endpoint protection right now

As a major global brand, IKEA is often the target of cybercriminals. In November last year, it was reported the company’s mailboxes were the target of a major reply-all email chain attack.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

“Other Ikea organizations, suppliers, and business partners are compromised by the same attack and are further spreadingmaliciousemails to persons in Inter Ikea," the company said in an internal email sent to its employees at the time.

Vice Society, on the other hand, is a relatively new operation formed in late 2020, but one that has already compromised at least 125 organizations worldwide, perhaps most notoriously the Los Angeles Unified School District (LAUSD), which also had its data leaked afterransom negotiations broke down.

Via:Cybernews

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Washington state court systems taken offline following cyberattack

Is it still worth using Proton VPN Free?

7 myths about email security everyone should stop believing