Cyber Incident Victim: IKEA

On November 27, 2024, Fourlis Group experienced a technical disruption affecting its digital and electronic systems across all operational territories, including Greece, Cyprus, Bulgaria, and Romania. The incident was subsequently confirmed to stem from a malicious external action, though the specific nature of the attack vector or threat actor was not disclosed. The disruption impaired normal business operations during a period of heightened commercial activity following Black Friday, though the company emphasized its physical stores remained open and continued customer service. Initial assessments confirmed the incident did not compromise suppliers or partners domestically or internationally. Fourlis Group activated its incident response protocols promptly, engaging both internal technical departments and specialized external partners to investigate and contain the breach. No evidence of personal data exfiltration or unauthorized access to sensitive information was identified during the initial forensic examination.

The Group’s response adhered to General Data Protection Regulation (GDPR) requirements, with notifications submitted to relevant Data Protection Authorities as a precautionary measure despite the absence of confirmed data exposure. Management prioritized maintaining operational continuity while remediation efforts progressed, acknowledging the challenge of managing increased customer traffic amid system disruptions. Ongoing investigations focused on restoring full system functionality and determining the scope of infrastructure compromise. Fourlis Group maintained public transparency through its press release dated December 2, 2024, reiterating commitments to stakeholders while withholding technical specifics to avoid compromising security protocols. No further details regarding attack attribution, financial impact, or long-term operational adjustments were disclosed at the time of reporting.