Cyber Incident Victim: IKEA Morocco

On or around November 29, 2022, the Vice Society ransomware gang publicly listed IKEA Morocco and IKEA Kuwait as victims on its data leak site, indicating a successful cyber intrusion. The attackers exfiltrated and subsequently leaked confidential business data from both entities, compromising internal operational information. IKEA confirmed the breach and initiated an investigation in collaboration with relevant authorities, though specific technical details regarding the attack vector or initial access method were not disclosed. The incident disrupted store operations in Morocco and Kuwait, impacting business continuity. Vice Society’s leak included sensitive employee documents such as passport copies, highlighting the exposure of personally identifiable information. The ransomware group’s public posting marked an escalation to data extortion tactics after IKEA did not meet unspecified demands.

Vice Society, active since 2020, historically targeted education and healthcare sectors but expanded to retail through this attack, demonstrating a shift in victimology. The group’s leak site listed approximately 125 victims prior to the IKEA incident, though the retail giant represented one of its higher-profile compromises. The breach exposed vulnerabilities in IKEA’s regional subsidiaries, which operate stores in Morocco, Kuwait, and Jordan. This incident followed a separate 2021 email reply-chain attack affecting IKEA’s global operations, underscoring recurring security challenges. The leaked employee passport data raised concerns over identity theft risks and regulatory compliance implications. IKEA’s public acknowledgment emphasized transparency, but remediation steps and long-term operational impacts remained undisclosed in available reporting. The attack underscored Vice Society’s adaptability in targeting diverse industries despite its historical focus on public-sector organizations.