Staggering $23 Million Ransomware Hit on IKEA’s Eastern European Operations

Overview of the Cyberattack

Fourlis Group, which manages IKEA stores in Greece, Cyprus, Romania, and Bulgaria, reported a severe ransomware attack just before the peak shopping period of Black Friday on November 27, 2024. This cyber onslaught led to financial damages amounting to approximately €20 million ($22.8 million).

Public Disclosure and Impact

The breach was officially disclosed on December 3, 2024, revealing that the technical issues plaguing IKEA’s online stores were the result of “malicious external action.” Despite Fourlis Group’s diverse portfolio, which includes Intersport, Foot Locker, and Holland & Barrett stores, the IKEA retail segment suffered the most substantial impact.

Disruptions and Financial Loss

According to a recent press release, the incident led to significant disruptions in store replenishments and e-commerce from December 2024 through February 2025, predominantly affecting the home furnishings segment.

Company’s Response and Recovery

Fourlis Group CEO Dimitris Valachis emphasized that the total estimated impact on IKEA’s sales operations would likely reach €15 million by the end of December 2024, with an additional €5 million projected for 2025. Valachis highlighted that the ransom demands were not met, and the company managed to restore its systems with the assistance of cybersecurity professionals.

Further bolstering their defenses, Fourlis Group successfully repelled several subsequent cyberattacks following the initial breach. They confirmed that the investigations found no evidence of data theft or leakage. The group ensured compliance with legal requirements by notifying data protection authorities across the four involved nations.

Long-term Effects and Ongoing Safety Measures

The press release also mentioned that the temporary data unavailability was swiftly remedied, and forensic investigations did not indicate any personal data leaks. Months after the incident, no ransomware group has acknowledged responsibility, possibly due to the unsuccessful data exfiltration or hopes for a resolution behind closed doors.

This incident acts as a stark reminder of the vulnerabilities in the digital infrastructure of even well-established retail giants and underscores the importance of robust cybersecurity measures.