Ransomware victim disclosure
← All victimsIKEA
Claimed by Hunters International · listed 9 months ago
Status timeline
- ListedOct 3, 2025
- Data leakeddate unknown
At a glance
- Status
- Data leaked
- Country
- Sweden
- Sector
- Consumer Services
- Listed on leak site
- Oct 3, 2025
About the victim
AI dossier — public-source company profileIKEA is a Swedish multinational retailer founded in 1943 by Ingvar Kamprad, headquartered in Älmhult, Sweden. The company designs and sells ready-to-assemble furniture, kitchen appliances, and home accessories through more than 400 stores across approximately 50 countries. It is one of the world's largest furniture retailers, known for its flat-pack product format and affordable pricing.
- Industry
- Furniture & Home Furnishings Retail
- Address
- Älmhult, Sweden (registered headquarters); operational HQ at IKEA Sverige AB, Box 700, SE-343 81 Älmhult, Sweden
- Employees
- 220000
- Founded
- 1943
Attack summary
Severity: medium — Status is 'data_published', indicating some data release has occurred, but the leak post is AI-generated boilerplate with no specifics on data type, volume, or sensitivity, and no proof files or inventory are described, preventing a higher severity classification.Hunters International claims to have compromised IKEA and has published data as of the disclosed status 'data_published'; however, the leak post provides no specific detail on whether files were encrypted or exfiltrated, and no data volume, file count, or sample inventory is described.
Original description
AI-summarised, not from the leak postIKEA is a Swedish-based multinational company that designs and sells ready-to-assemble furniture, kitchen appliances, and home accessories. It's known worldwide as an industry leader for affordable, modern, flat-packed furniture. Founded in 1943 by Ingvar Kamprad, IKEA has over 400 stores in 50 countries, making it one of the largest furniture retailers globally.
Source
Indexed 9 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

