Ransomware victim disclosure
← All victimsIKEA Morocco IKEA Kuwait
Claimed by Vicesociety · listed 4 years ago
Status timeline
- ListedNov 28, 2022
- Data leakeddate unknown
At a glance
- Group
- Vicesociety
- Status
- Data leaked
- Country
- Morocco
- Sector
- Retail & Consumer
- Listed on leak site
- Nov 28, 2022
About the victim
AI dossier — public-source company profileIKEA Morocco and IKEA Kuwait are franchise or licensed retail operations of the global IKEA brand, selling home furnishings, furniture, and household goods. IKEA is one of the world's largest furniture retailers, operating through a network of large-format stores. The specific regional entities targeted serve customers in Morocco and Kuwait respectively.
- Industry
- Retail & Consumer Goods – Home Furnishings
Attack summary
Severity: medium — Data is listed as published (disclosed status: data_published), indicating confirmed exfiltration; however, no details on the nature, volume, or sensitivity of the data are provided in the leak post, and no proof files or data inventory are described, limiting severity assessment to medium.Vicesociety claims an attack on IKEA Morocco and IKEA Kuwait with data published, suggesting exfiltration of company data; the leak post text is primarily marketing copy from IKEA, with no explicit description of the data stolen or encryption activity.
What the group claims
We believe that no matter what we do in life, we should always try to be the absolute best at it. At IKEA we focus on being the best at ordinary everyday things. Because to us, the ordinary everyday contains the best of life. We want to be Extraordinary at the ordinary for you.
Source
Indexed 4 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

