Ingka Group (IKEA) Targeted in Alleged Lapsus$ Data Theft

On June 2, 2026, the hacking group Lapsus$ claimed responsibility for stealing roughly 180 GB of internal data from Ingka Group, the largest franchise operator of IKEA stores worldwide. The group said the material includes source code, technical documents, and other internal files, and offered the data for sale. Ingka Group stated it is actively investigating the claims.

Public reporting indicates the incident follows Lapsus$’s pattern of high-profile data thefts followed by extortion or sale. Available details show that the exact number of individuals whose personal information may have been exposed remains unknown. Ingka has not yet confirmed that customer records were taken, but the volume and nature of the stolen material have raised concerns that employee, supplier, or customer data could be included. Industry research from sources such as DoxxScan™ continuous monitoring indicates that retail and logistics breaches frequently surface employee emails, internal credentials, and partner contact lists in subsequent leaks.

This matters for you and your family because IKEA customer accounts, delivery addresses, payment details, and contact information are often stored in the very systems targeted in attacks like this. When internal technical documents and source code leave the building, the risk extends beyond the company. Attackers can study how IKEA’s systems work, find weaknesses, and use any leaked credentials to access accounts that contain your home address, phone number, children’s names, or order history. A single exposed email and password combination from an IKEA purchase can open the door to far more serious problems.

The doxxing and identity-chain implications are significant. Leaked internal files often contain employee or contractor emails, system usernames, and references to third-party services. Once those appear on dark-web markets, attackers can link them to personal accounts across dozens of other sites. A password reused from an old IKEA order can lead to gaming account takeovers, social-media hijacking, or the gradual assembly of a full identity profile that includes your home address, family members’ names, and phone numbers. Children’s gaming accounts are especially vulnerable because they frequently share the same household email or password patterns, turning one retail breach into a chain of exposures that can result in harassment or identity theft.

What to do

• Run a DoxxScan to map every link between your emails, phone numbers, usernames, and real-world identity so you can see exactly what this breach may have exposed.
• Rotate any password you have ever used on IKEA.com or the IKEA app, replace it with a unique one, and enable two-factor authentication through an authenticator app rather than SMS.
• Enable continuous DoxxScan monitoring across 15.4 billion breach records and more than 100 platforms so the next leak that touches your information is caught and acted on within hours instead of months.
• Cover the entire household with DoxxScan family protection, which extends to your children’s gaming accounts and any other services that chain back to the same address or shared credentials.
• Let DoxxScan remediation specialists handle the takedown requests across data brokers and exposed records so you do not have to chase every site yourself.

The breach at Ingka Group is a reminder that even large, familiar retailers can become gateways to personal exposure. Taking deliberate steps now limits how far any single incident can reach. Start your DoxxScan trial and use its continuous monitoring across 15.4B+ breach records and 100+ platforms, AI-powered identity-chain mapping, hands-on remediation by specialists, and family coverage that includes children’s gaming accounts. Protecting your information and your family’s digital footprint is no longer optional.

Source: https://cybernews.com/security/ikea-source-code-data-sale-lapsus/