Fourlis Group, which operates IKEA in Greece, Cyprus, Romania, and Bulgaria, faced a major ransomware attack. The breach happened just before Black Friday, on November 27, 2024. The company reported losses of nearly €20 million or $23 million.
The public first learned about the incident on December 3, 2024. At the time, IKEA’s online stores experienced severe technical issues. Fourlis later confirmed a cyberattack caused the disruptions.
Although the group also manages Intersport, Foot Locker, and Holland & Barrett, IKEA suffered the biggest impact. Online orders and supply chains faced delays during the critical shopping season.
CEO Dimitris Valachis told local media the attack caused €15 million in damage by December 2024. The remaining €5 million in losses occurred in early 2025. The company did not pay the ransom. Instead, it partnered with external cybersecurity experts to restore operations.
Fourlis reported it blocked several follow-up attacks after the initial breach. It also alerted data protection authorities in all affected countries, complying with legal obligations.
Forensic experts examined the breach. They found no evidence of stolen or leaked personal data. Most affected systems were restored quickly. Customer information stayed secure throughout the recovery.
No ransomware group has claimed responsibility. Experts believe the attackers may have failed to steal data or hope for a private settlement.
This attack shows how vulnerable retail systems can be during peak shopping periods. Businesses must act before threats hit. Strong backups, regular training, and real-time security monitoring are essential.
At VPN Group, we stress the importance of proactive cybersecurity. Ransomware attacks like this one can cripple operations and damage customer trust. Every organization should prepare before facing such threats.
