IKEA
Company Details
Linkedin ID:
ikea
Website:
Employees number:
93,412
Number of followers:
3,503,996
NAICS:
43
Industry Type:
Homepage:
ikea.com
IP Addresses:
0
Company ID:
IKE_3377142
Scan Status:
In-progress
IKEA Company CyberSecurity Posture
ikea.com
The IKEA vision is to create a better everyday life for the many people. Our business idea is to offer well-designed, functional and affordable, high-quality home furnishing, produced with care for people and the environment. The IKEA Brand unites more than 200.000 co-workers and hundreds of companies with different owners all over the world. It’s one brand, but it reaches millions of hearts and homes. Our value chain is unique. It includes everything from product development, design, supply, manufacture and sales – and of course it begins and ends with our customers. The IKEA retail business is operated through a franchise system. Today, 12 different groups of companies market and sell the IKEA product range under franchise agreements with Inter IKEA Systems B.V. Any jobs published on this page are offered by different companies operating under the IKEA Trademark. IKEA was founded in Sweden in 1943.
IKEA A.I CyberSecurity Scoring
IKEA Risk Score (AI oriented)Between 750 and 799
IKEA
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
IKEA Global Score (TPRM)XXXX
IKEA
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
IKEA Company CyberSecurity News & History
Past Incidents
3
Attack Types
2
IKEA
Breach
Rankiteo Explanation
Attack threatening the organization's existence
Description: Vice Society targeted the IKEA stores in Morocco and Kuwait and posted data taken from them on their leak site. They managed to steal confidential business data and even sensitive employee information.
IKEA
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Ikea Canada suffered a data breach incident that compromised the personal information of approximately 95,000 customers. The compromised information included customer names, email addresses, phone numbers, and postal codes, however, no financial or banking information was exposed. They reviewed and updated internal processes to prevent such incidents in the future.
IKEA
Cyber Attack
Rankiteo Explanation
Attack threatening the organization's existence
Description: IKEA fell prey to a cyber attack in internal phishing attacks using stolen reply-chain emails. IKEA organizations, suppliers, and business partners were compromised by the attack and it was still spreading to other systems as well. IT team warned the employees to not open any mail containing suspicious links and report it to them immediately if received
IKEA Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for IKEA
Incidents vs Retail Industry Average (This Year)
No incidents recorded for IKEA in 2026.
Incidents vs All-Companies Average (This Year)
No incidents recorded for IKEA in 2026.
Incident Types IKEA vs Retail Industry Avg (This Year)
No incidents recorded for IKEA in 2026.
Incident History — IKEA (X = Date, Y = Severity)
IKEA cyber incidents detection timeline including parent company and subsidiaries
IKEA Company Subsidiaries
The IKEA vision is to create a better everyday life for the many people. Our business idea is to offer well-designed, functional and affordable, high-quality home furnishing, produced with care for people and the environment. The IKEA Brand unites more than 200.000 co-workers and hundreds of companies with different owners all over the world. It’s one brand, but it reaches millions of hearts and homes. Our value chain is unique. It includes everything from product development, design, supply, manufacture and sales – and of course it begins and ends with our customers. The IKEA retail business is operated through a franchise system. Today, 12 different groups of companies market and sell the IKEA product range under franchise agreements with Inter IKEA Systems B.V. Any jobs published on this page are offered by different companies operating under the IKEA Trademark. IKEA was founded in Sweden in 1943.
Loading...
IKEA Similar Companies
Trader Joe's
Trader Joe’s is a national chain of neighborhood grocery stores. We are committed to providing our customers outstanding value in the form of the best quality products at the best everyday prices. Through our rewarding products and knowledgeable, friendly Crew Members, we have been transforming groc
Coop
Coop has been an integral part of Switzerland for over 150 years and acts with a sense of responsibility for its people, its regions and its ecosystems. As a retailer, wholesaler and producer, we deliver quality and are proud of our numerous brands and products. The diversity of our teams and tasks
Indomaret Group
Originated from the idea to facilitate the provision of employees’ basic daily needs, a store, known as Indomaret, was established in 1988. As the store developed, the Company were interested to further explore and understand the consumers’ various needs and shopping behaviors. Hence, several employ
Wegmans Food Markets
Wegmans Food Markets is a family-owned regional supermarket chain and one of the largest private companies in the US. Recognized as an industry leader and innovator, the company was founded in 1916 and employs over 53,000 people. Wegmans has been named one of the “100 Best Companies to Work For” by
BİM Birleşik Mağazalar A.Ş
Türkiye’de perakende sektörünün lideri olan BİM Birleşik Mağazalar A.Ş., temel gıda ve tüketim malzemelerinin uygun fiyat ve yüksek kaliteyle tüketiciye ulaştırılması hedefiyle faaliyetlerine 1995 yılında 21 mağazayla başlamıştır. Yüksek indirim (hard-discount) modelinin Türkiye’deki ilk temsilcisi
PT. Sumber Alfaria Trijaya, Tbk (Alfamart)
Alfamart was initiated in 1989 by Djoko Susanto and started its business in trading and distribution. In 1999, the company expanded to minimarket sector and now has become one of the largest retail chains in Indonesia. Having over 20.000 stores, 36 office branch, and more than 165.000 employees, Alf
Avolta
Avolta AG, (SIX: AVOL) is leading a travel experience revolution. The result of the Dufry-Autogrill business combination, Avolta puts the traveler at our strategic core as we maximize every moment of the journey through our unique combination of travel retail and travel food & beverage, passion fo
At Ulta Beauty (NASDAQ: ULTA), the possibilities are beautiful. Ulta Beauty is the largest U.S. beauty retailer and the premier beauty destination for cosmetics, fragrance, skin care products, hair care products and salon services. In 1990, the Company reinvented the beauty retail experience by offe
JD Sports Fashion
Founded in 1981 with a single store in the Northwest of England, JD Group has grown into a leading global omni-channel retailer in Sports Fashion, Outdoors, and Gyms. Our diverse and dedicated teams operate across a portfolio of renowned retail brands in multiple international markets. Listed on th
.png)
IKEA CyberSecurity News
December 18, 2025 08:00 AM
Threats Actors Registering Fake Shopping Domains to Attack Users in this Holiday Season
The 2025 holiday shopping season faces a significant cybersecurity threat as threat actors launch a massive campaign of fake online retail...
November 26, 2025 08:00 AM
Ikea Black Friday Deals: What To Expect And The Best Early Offers
Ikea's Black Friday sale isn't live yet, but you can already shop some early deals for up to 50% off. These are a few of our favorites.
November 26, 2025 08:00 AM
Ikea Discount Codes: Take Up To 50% Off For Black Friday
While Ikea's Black Friday sale isn't live yet, you can already shop some solid deals on Scandinavian-inspired pieces for your living room,...
November 10, 2025 08:00 AM
10 Popular Black Friday Scams - How to Detect the Red Flags and Protect your wallet and Data
Black Friday 2025 represents the most dangerous shopping season in cybercrime history, with fraudsters leveraging artificial intelligence,...
November 07, 2025 08:00 AM
Ikea’s Big Smart-Home Push Arrives With 21 New Matter Devices
Back in July, it was revealed that Ikea was about to go all-in on Matter, with a bunch of new smart-home devices in the works.
November 06, 2025 08:00 AM
Ikea is venturing into smart home tech with 21 new Matter-over-Thread devices
As of Nov. 6, Ikea has launched a new and redesigned line-up of smart home devices. The collection focuses on lighting, sensors,...
October 12, 2025 07:00 AM
Global Data Leak Affects Qantas, McDonald’s, Toyota, and Other Major Brands in Australia, Japan, and the US – What You Need to Be Aware of
In a significant cybersecurity breach that has shaken the travel and business sectors, Qantas Airways has confirmed that sensitive data from...
October 12, 2025 07:00 AM
Qantas Confirms Data of 5.7 Million Customers Leaked Online After Salesforce Cyberattack
Qantas confirms data from 5.7 million customers leaked after major Salesforce cyberattack affecting Disney, Google and IKEA.
October 10, 2025 07:00 AM
Qantas still faces cyber threat despite reports of FBI shutdown
Cybercriminals Scattered Lapsus$ Hunters have given Salesforce and 39 of its customers until Saturday to negotiate a ransom payment.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
IKEA CyberSecurity History Information
Official Website of IKEA
The official website of IKEA is https://ikea.com/.
IKEA’s AI-Generated Cybersecurity Score
According to Rankiteo, IKEA’s AI-generated cybersecurity score is 794, reflecting their Fair security posture.
How many security badges does IKEA’ have ?
According to Rankiteo, IKEA currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Has IKEA been affected by any supply chain cyber incidents ?
According to Rankiteo, IKEA has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.
Does IKEA have SOC 2 Type 1 certification ?
According to Rankiteo, IKEA is not certified under SOC 2 Type 1.
Does IKEA have SOC 2 Type 2 certification ?
According to Rankiteo, IKEA does not hold a SOC 2 Type 2 certification.
Does IKEA comply with GDPR ?
According to Rankiteo, IKEA is not listed as GDPR compliant.
Does IKEA have PCI DSS certification ?
According to Rankiteo, IKEA does not currently maintain PCI DSS compliance.
Does IKEA comply with HIPAA ?
According to Rankiteo, IKEA is not compliant with HIPAA regulations.
Does IKEA have ISO 27001 certification ?
According to Rankiteo,IKEA is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of IKEA
IKEA operates primarily in the Retail industry.
Number of Employees at IKEA
IKEA employs approximately 93,412 people worldwide.
Subsidiaries Owned by IKEA
IKEA presently has no subsidiaries across any sectors.
IKEA’s LinkedIn Followers
IKEA’s official LinkedIn profile has approximately 3,503,996 followers.
NAICS Classification of IKEA
IKEA is classified under the NAICS code 43, which corresponds to Retail Trade.
IKEA’s Presence on Crunchbase
No, IKEA does not have a profile on Crunchbase.
IKEA’s Presence on LinkedIn
Yes, IKEA maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/ikea.
Cybersecurity Incidents Involving IKEA
As of January 24, 2026, Rankiteo reports that IKEA has experienced 3 cybersecurity incidents.
Number of Peer and Competitor Companies
IKEA has an estimated 15,596 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at IKEA ?
Incident Types: The types of cybersecurity incidents that have occurred include Cyber Attack and Breach.
How does IKEA detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an containment measures with warning employees to not open suspicious emails, and remediation measures with reviewed and updated internal processes..
Incident Details
Can you provide details on each incident ?
Title: IKEA Phishing Attack
Description: IKEA fell prey to a cyber attack in internal phishing attacks using stolen reply-chain emails. IKEA organizations, suppliers, and business partners were compromised by the attack and it was still spreading to other systems as well. IT team warned the employees to not open any mail containing suspicious links and report it to them immediately if received.
Type: Phishing
Attack Vector: Phishing emails
Vulnerability Exploited: Email reply-chain exploitation
Title: Ikea Canada Data Breach
Description: Ikea Canada suffered a data breach incident that compromised the personal information of approximately 95,000 customers. The compromised information included customer names, email addresses, phone numbers, and postal codes, however, no financial or banking information was exposed.
Type: Data Breach
Title: Vice Society Data Breach at IKEA Stores in Morocco and Kuwait
Description: Vice Society targeted the IKEA stores in Morocco and Kuwait and posted data taken from them on their leak site. They managed to steal confidential business data and even sensitive employee information.
Type: Data Breach
Threat Actor: Vice Society
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Phishing emails.
Impact of the Incidents
What was the impact of each incident ?
Incident : Phishing IKE183226322
Systems Affected: IKEA organizationssuppliersbusiness partners
Incident : Data Breach IKE201526822
Data Compromised: Customer names, Email addresses, Phone numbers, Postal codes
Payment Information Risk: No
Incident : Data Breach IKE00291122
Data Compromised: Confidential business data, Sensitive employee information
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Customer Names, Email Addresses, Phone Numbers, Postal Codes, , Confidential Business Data, Sensitive Employee Information and .
Which entities were affected by each incident ?
Incident : Data Breach IKE201526822
Entity Name: Ikea Canada
Entity Type: Retail
Industry: Furniture
Location: Canada
Customers Affected: 95000
Incident : Data Breach IKE00291122
Entity Name: IKEA
Entity Type: Retail
Industry: Home Furnishings
Location: MoroccoKuwait
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Phishing IKE183226322
Containment Measures: Warning employees to not open suspicious emails
Incident : Data Breach IKE201526822
Remediation Measures: reviewed and updated internal processes
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach IKE201526822
Type of Data Compromised: Customer names, Email addresses, Phone numbers, Postal codes
Number of Records Exposed: 95000
Personally Identifiable Information: customer namesemail addressesphone numberspostal codes
Incident : Data Breach IKE00291122
Type of Data Compromised: Confidential business data, Sensitive employee information
Sensitivity of Data: High
What measures does the company take to prevent data exfiltration ?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: reviewed and updated internal processes, .
How does the company handle incidents involving personally identifiable information (PII) ?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by warning employees to not open suspicious emails and .
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Phishing IKE183226322
Entry Point: Phishing emails
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident was an Vice Society.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were customer names, email addresses, phone numbers, postal codes, , confidential business data, sensitive employee information and .
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident was IKEA organizationssuppliersbusiness partners.
Response to the Incidents
What containment measures were taken in the most recent incident ?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident was Warning employees to not open suspicious emails.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were confidential business data, postal codes, customer names, sensitive employee information, email addresses and phone numbers.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 950.0.
Initial Access Broker
What was the most recent entry point used by an initial access broker ?
Most Recent Entry Point: The most recent entry point used by an initial access broker was an Phishing emails.
.png)
Latest Global CVEs (Not Company-Specific)
Description
Typemill is a flat-file, Markdown-based CMS designed for informational documentation websites. A reflected Cross-Site Scripting (XSS) exists in the login error view template `login.twig` of versions 2.19.1 and below. The `username` value can be echoed back without proper contextual encoding when authentication fails. An attacker can execute script in the login page context. This issue has been fixed in version 2.19.2.
Risk Information
cvss3
Base: 5.4
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Description
A DOM-based Cross-Site Scripting (XSS) vulnerability exists in the DomainCheckerApp class within domain/script.js of Sourcecodester Domain Availability Checker v1.0. The vulnerability occurs because the application improperly handles user-supplied data in the createResultElement method by using the unsafe innerHTML property to render domain search results.
Description
A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Modern Image Gallery App v1.0 within the gallery/upload.php component. The application fails to properly validate uploaded file contents. Additionally, the application preserves the user-supplied file extension during the save process. This allows an unauthenticated attacker to upload arbitrary PHP code by spoofing the MIME type as an image, leading to full system compromise.
Description
A UNIX symbolic link following issue in the jailer component in Firecracker version v1.13.1 and earlier and 1.14.0 on Linux may allow a local host user with write access to the pre-created jailer directories to overwrite arbitrary host files via a symlink attack during the initialization copy at jailer startup, if the jailer is executed with root privileges. To mitigate this issue, users should upgrade to version v1.13.2 or 1.14.1 or above.
Risk Information
cvss3
Base: 6.0
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
cvss4
Base: 6.0
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description
An information disclosure vulnerability exists in the /srvs/membersrv/getCashiers endpoint of the Aptsys gemscms backend platform thru 2025-05-28. This unauthenticated endpoint returns a list of cashier accounts, including names, email addresses, usernames, and passwords hashed using MD5. As MD5 is a broken cryptographic function, the hashes can be easily reversed using public tools, exposing user credentials in plaintext. This allows remote attackers to perform unauthorized logins and potentially gain access to sensitive POS operations or backend functions.
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=ikea' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
