American furniture retailer Lovesac has disclosed a data breach following a ransomware attack that compromised its internal systems. The company acknowledged that personal information belonging to an undisclosed number of individuals was exposed during the incident.
Lovesac, best known for its modular “sactionals” couches and oversized “sacs,” operates 267 showrooms across the United States and reported $750 million in annual net sales. The cybersecurity breach underscores how even consumer retail brands are becoming targets of sophisticated ransomware operations.
Timeline of the Lovesac Breach
According to regulatory filings and customer notifications, attackers gained unauthorized access to Lovesac’s internal network between February 12, 2025, and March 3, 2025.
- February 28, 2025: Lovesac detected the intrusion.
- Three days later: The company contained the incident and blocked further access.
- March 3, 2025: The RansomHub ransomware gang publicly claimed responsibility for the attack.
The company has not confirmed whether the stolen data belonged to customers, employees, or contractors, and it has not revealed how many individuals are affected.
What Data Was Exposed in the Breach
The breach notice revealed that attackers stole sensitive personal information. While Lovesac confirmed that full names were among the exposed data, it did not specify the other categories of personal information accessed.
Impacted individuals have been offered 24 months of free Experian credit monitoring and identity protection services, with enrollment available until November 28, 2025.
In its notification letters, Lovesac wrote:
“At this time, we have no indication that the stolen information has been misused. However, we urge impacted individuals to remain vigilant against potential phishing attempts.”
RansomHub Claims Responsibility for the Attack
While Lovesac did not explicitly name the group behind the breach, the RansomHub ransomware gang claimed responsibility through its extortion site on March 3, 2025.
The gang warned that the stolen data would be leaked if ransom demands were not met. At this time, it is unclear whether Lovesac entered negotiations or whether the stolen data was eventually published.
Background on the RansomHub Ransomware Operation
RansomHub is a ransomware-as-a-service (RaaS) group that surfaced in early 2024. By leveraging affiliate operators, the group quickly accumulated a high-profile victim list across multiple industries.
Notable Victims Include:
- Staffing firm Manpower – A RansomHub-linked breach affected around 144,189 individuals.
- Oilfield services provider Halliburton – Hackers accessed and removed data from its systems in August 2024.
- Pharmacy chain Rite Aid – RansomHub breached its systems on June 6, 2024, exfiltrating data of about 2.2 million individuals; the chain settled a class-action lawsuit for $6.8 million.
- Kawasaki’s European division
- Christie’s auction house
- U.S. telecom provider Frontier Communications – RansomHub claimed to have stolen data on over 2 million customers, including names, SSNs, dates of birth, and credit information.
- Healthcare nonprofit Planned Parenthood – RansomHub targeted its Montana affiliate, exfiltrating data on about 18,000 patients, including sensitive health and personal information.
- Italian football club Bologna FC – Confirmed a ransomware attack; RansomHub leaked internal club data including player medical and financial records.
Despite its growing influence, RansomHub shut down operations in April 2025, with many of its affiliates reportedly migrating to the DragonForce ransomware collective.
The Lovesac case highlights how ransomware attacks continue to evolve and spread across industries beyond critical infrastructure and healthcare. Large retailers with valuable customer and employee data remain attractive targets for ransomware operators.
The exposure of personal information, combined with public extortion attempts, demonstrates the ongoing risks posed by data exfiltration tactics widely used by ransomware groups. For enterprises, this breach serves as another reminder of the importance of layered cybersecurity defenses, incident response planning, and proactive monitoring of data access.