Cyber Incident Victim: IKEA Kuwait
Date: Nov 2022
Location: Kuwait
Summary
A ransomware group breached IKEA's operations in Kuwait and Morocco, leaking confidential business data and disrupting store activities. The attackers, known for primarily targeting education and healthcare sectors, exfiltrated sensitive employee information including passport details. The company acknowledged the incident and is collaborating with authorities in the investigation.
Description
On or around November 29, 2022, the Vice Society ransomware gang executed a cyber attack against IKEA's operations in Kuwait and Morocco, resulting in the theft and public leakage of confidential business data. The attackers compromised internal systems and exfiltrated sensitive information, subsequently publishing it on their dedicated leak site as part of their extortion tactics. This breach caused operational disruptions across affected IKEA stores in both countries, impairing standard business functions. IKEA confirmed the security incident shortly after its discovery and initiated an investigation in coordination with relevant authorities. The leaked data reportedly included employee passport details and other personally identifiable information, exposing staff to potential identity theft risks. Vice Society’s intrusion methods were not detailed publicly, though the gang historically exploits vulnerabilities in enterprise networks.

Vice Society, active since 2020, primarily targeted educational and healthcare institutions prior to this attack but expanded to the retail sector through the IKEA compromise. The group listed IKEA among 125 victims on its leak platform, indicating a broad victim portfolio despite its sector specialization. IKEA had previously experienced email reply-chain attacks in 2021 but had not faced ransomware incidents of this scale in recent years. The Kuwait and Morocco stores represent part of IKEA’s regional presence, which also includes operations in Jordan. No customer data breaches were confirmed, though business continuity impacts persisted during the investigation. The incident underscored Vice Society’s evolving focus on diverse industries beyond its traditional targets.
