Lovesac Data Breach: RansomHub Attack Exposes Retail Supply Chain Vulnerabilities
Lovesac, a prominent U.S. furniture brand with $750 million in annual sales and 267 showrooms, has disclosed a significant data breach stemming from a ransomware attack. Between February 12 and March 3, 2025, hackers infiltrated the company's internal systems, stealing sensitive personal data including full names and undisclosed personal details. Lovesac detected the breach on February 28 and blocked access within three days, but the damage was already done, exposing vulnerabilities in the retail sector's digital infrastructure.
According to notifications filed with state Attorney General offices, the stolen data could impact an unknown number of customers, employees, or contractors. Lovesac has not revealed the exact scale but is offering affected individuals a 24-month credit monitoring service through Experian. The company advises vigilance against phishing, though it claims no evidence of data misuse so far.
The attack was claimed by the RansomHub ransomware gang, which added Lovesac to its extortion portal on March 3, threatening to leak the data unless a ransom was paid.
RansomHub, a ransomware-as-a-service operation active since February 2024, targeted high-profile victims like Halliburton and Christie's before abruptly shutting down in April 2025. Security firm KELA reports that many of its affiliates have since migrated to the DragonForce ransomware group, signaling a dangerous evolution in the cybercrime landscape.
This breach is a stark reminder of how ransomware gangs increasingly target retail and manufacturing sectors, where IT defenses may lag behind tech industries. Developers and security teams must prioritize supply chain security, including robust access controls and real-time threat detection, to protect customer data. As one cybersecurity expert noted, 'Incidents like this demonstrate that no industry is immune—ransomware affiliates are adapting faster than ever.'
Lovesac's response, while prompt, raises questions about transparency and preparedness. With RansomHub's shutdown complicating attribution, the incident serves as a cautionary tale for businesses to fortify defenses against affiliate-driven attacks. The ripple effects could drive regulatory scrutiny and push for stronger encryption and zero-trust architectures across retail tech stacks.
Source: BleepingComputer, with data from KELA.