An IKEA operator in Eastern Europe lost $23M due to ransomware

April 15, 2025

Fourlis Group, which operates IKEA in Greece, Cyprus, Romania, and Bulgaria, recently reported that a ransomware attack just before Black Friday in November last year resulted in losses of at least $22 million.

The security incident became public knowledge the following month when the group acknowledged that IKEA’s online store cybersecurity issues stemmed from a “malicious external action.”

Although the group also runs Intersport, Foot Locker, and Holland & Barrett in the same regions, the attack primarily affected IKEA operations.

A press release issued earlier this week revealed that the incident also temporarily disrupted in-store top-up, significantly impacting the Home Furnishings segment (IKEA stores) and e-commerce activities from December 2024 through February this year.

 

The CEO of the IKEA operator stated that the ransomware attack would cost millions of dollars in sales.

 

According to reports, the Fourlis Group CEO noted that the ransomware incident is projected to cost IKEA sales operations around €15 million up to December 2024. Moreover, the incident could still cost an additional €5 million this year.

The CEO also emphasised that the group did not pay the ransomware operators and restored its systems with the aid of external cybersecurity experts. The affected company reported that it successfully prevented several attacks following the initial breach.

Furthermore, its ongoing investigation uncovered no signs of data theft or leaks related to the incident. Still, data protection authorities in all four countries concerned were notified as mandated.

The press release also claimed that the temporary unavailability of some data due to the incident was resolved almost immediately, and the technical forensic report indicated that no personal data was leaked.

Several months after the attack, no ransomware group has claimed credit for it. Experts suspect that the perpetrators are either trying to save face after their operation failed and they were unable to exfiltrate data, or hoping for a private resolution with the victim.

Despite these assurances, potentially impacted parties must remain cautious with their digital presence since there is no limit to a threat actor’s malicious capabilities.
