Modular furniture company Lovesac has reported a cybersecurity breach that compromised the personal data of an undisclosed number of individuals. The breach, which occurred between February 12 and March 3, 2025, involved unauthorized access to the company’s internal systems, during which threat actors exfiltrated sensitive data. While the specific types of personal information stolen remain unspecified, the company confirmed that full names were among the exposed data.
Lovesac discovered the intrusion on February 28, 2025, and reportedly took three days to block the attackers and secure its systems. Notification letters sent to affected parties include instructions for enrolling in 24 months of credit monitoring services via Experian, available until November 28, 2025. However, it remains unclear whether the impacted individuals include customers, employees, or contractors, and no total number has been disclosed.
Source: lovesac.com.
Although the company has not publicly identified the perpetrators, the RansomHub ransomware group claimed responsibility for the attack on March 3, 2025. The group posted Lovesac to its leak site, threatening to publish stolen data unless a ransom was paid. It’s unknown whether Lovesac engaged with the extortion attempt or if the threat actors followed through on their data-leak threats.
RansomHub, a ransomware-as-a-service (RaaS) operation that surfaced in February 2024, has previously targeted prominent organizations such as Halliburton, Frontier Communications, and Christie’s auction house. Notably, the group ceased operations in April 2025, with affiliates reportedly migrating to another cybercrime group called DragonForce.
Lovesac, which operates 267 showrooms across the U.S. and generated $750 million in annual net sales, is best known for its modular “sactionals” and oversized bean bags called “sacs.” BleepingComputer reached out to the company for more information regarding the extent of the breach and the number of individuals affected, but no additional updates were available at the time of writing.
This breach underscores the continuing threat ransomware groups pose to retailers and manufacturers alike. For impacted individuals, especially if employed or affiliated with Lovesac, vigilance against follow-on phishing or identity fraud is critical. Monitoring credit reports, enabling two-factor authentication on sensitive accounts, and watching for suspicious communications are key steps to mitigating potential harm.
