Cyber Incident Victim: Fourlis Group

On November 27, 2024, Fourlis Group experienced a technical disruption impacting its digital and electronic systems across all operational territories, including Greece, Cyprus, Bulgaria, and Romania. The company later confirmed the incident stemmed from a malicious external action, though the specific nature of the attack (e.g., ransomware, malware) was not disclosed. The disruption affected internal business operations but did not extend to external supplier or partner systems in Greece or internationally. Fourlis mobilized its internal technical teams alongside specialized external partners to investigate and contain the incident, adhering to GDPR protocols and coordinating with relevant Data Protection Authorities throughout the response. Initial assessments confirmed the attack did not compromise personal data, though the company did not specify whether other types of data or systems were accessed or encrypted.

The incident occurred during a period of heightened commercial activity following Black Friday sales, presenting operational challenges for physical stores. Despite system disruptions, all retail locations remained open and continued customer service operations. Fourlis management publicly emphasized its commitment to resolving the incident swiftly, prioritizing transparency with employees, customers, shareholders, and business partners. The company issued a press release on December 2, 2024, to formally disclose the event, attributing the delay between detection and public notification to ongoing forensic analysis and containment efforts. No threat actor claimed responsibility, and Fourlis did not release details regarding attack vectors, remediation timelines, or financial impacts. The response remained focused on restoring normal operations while maintaining regulatory compliance and stakeholder communications through designated press contacts.