View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
November 28, 2022

Ikea cyberattack? Retailer’s data posted on Vice Society dark web blog

Information from two of the retailer's stores has been posted online, suggesting its systems have been breached.

By Claudia Glover

Data apparently belonging to retail giant IKEA has appeared on the dark web blog of data extortion gang Vice Society. Information from branches in Morocco and Kuwait, possibly including passport data of employees, has been exposed by the gang

Ikea data has reportedly been found on the dark web blog of data extortion gang Vice Society. (Photo by NP27/Shutterstock)

Swedish company Ikea has 420 stores spread across 50 countries, and posted revenue of more than €40bn last year.

Ikea data appears on Vice Society blog

The illicit data was reportedly stolen from the company’s systems a few weeks ago and posted online last week.

File and folder names could indicate that the data includes the passport details of Ikea employees. Leaked information from branches in Jordan may have also been posted to the blog.

The data is posted alongside a passage of what appears to be an excerpt from an Ikea promotional campaign. “We believe that no matter what we do in life, we should always be the absolute best at it,” it reads, in what appears to be a mocking tone.

It is not clear if a ransom demand has been issued or paid, but the fact that Vice Society has posted the information on its blog could indicate that Ikea has refused to comply with any demands it has made. Tech Monitor has contacted Ikea for comment but had not received a reply at the time of publication.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

Ikea’s second cyberattack in a year?

Ikea was also the victim of a cyberattack in November last year. Called a “reply-chain email attack,” threat actors stole corporate credentials from the company’s network and used them to reply to emails with phishing links to malicious documents that install malware on recipients’ devices. 

The attack went on for several days and the company was forced to open an investigation into the incident. “It is of our highest priority that Ikea customers, co-workers and business partners feel certain that their data is secured and handled correctly,” a spokesperson said at the time.

This attack was carried out using malware called SquirrelWaffle.

Vice Society sees its profile rise

Vice Society is believed to be a Russian-speaking data exfiltration and extortion group. Its primary targets are the education and health sectors, particularly in the US.

In the UK it is thought to have been behind an attack on six schools, as well as a breach at the convenience store chain Spar.

CISA and the FBI released a joint advisory in September including techniques, tactics and procedures for how the gang infiltrates systems in the education sector, as schools were aggressively targeted by the gang this year. 

According to the advisory, “The FBI, CISA, and the MS-ISAC [the US centre for internet security] have recently observed Vice Society actors disproportionately targeting the education sector with ransomware attacks, especially kindergarten through twelfth grade (K-12) institutions. The FBI, CISA, and the MS-ISAC anticipate attacks may increase as the 2022/2023 school year begins and criminal ransomware groups perceive opportunities for successful attacks.”

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.