The LoveSac Company

The LoveSac Company, a US-based furniture retailer, suffered a ransomware attack in early March 2025, attributed to the RansomHub group. Unauthorized actors gained access to internal systems between February 12 and March 3, 2025, exfiltrating sensitive personal data, including names and unspecified personal identifiers. While no confirmed misuse of the stolen data has been reported, the breach prompted LoveSac to offer two years of complimentary identity monitoring and credit protection to affected individuals. The company detected suspicious activity on February 28, 2025, and later confirmed the data theft. RansomHub threatened to publish the stolen information unless a ransom was paid, though no public confirmation of payment exists. The attack vector remains unconfirmed but aligns with RansomHub’s typical methods, such as exploiting unpatched systems, weak credentials, or RDP vulnerabilities. LoveSac has since strengthened security measures, including policy reviews, access controls, and regulatory notifications. The incident highlights risks to customer data integrity and potential long-term reputational harm, despite no immediate fraudulent activity linked to the breach.

Source: https://cyberinsider.com/lovesac-discloses-data-breach-after-ransomhub-ransomware-attack/

TPRM report: https://www.rankiteo.com/company/lovesac

"id": "lov3283532110725",
"linkid": "lovesac",
"type": "Ransomware",
"date": "2/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'industry': 'Furniture',
                        'location': 'Stamford, Connecticut, USA',
                        'name': 'The LoveSac Company',
                        'type': 'Publicly Traded Retailer'}],
 'attack_vector': ['Unpatched Systems (suspected)',
                   'Weak Credentials (suspected)',
                   'Remote Desktop Protocol (RDP) Exploitation (suspected)'],
 'customer_advisories': ['Notification letters',
                         'Identity protection services (Experian)'],
 'data_breach': {'data_exfiltration': True,
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'High (personal identifiers)',
                 'type_of_data_compromised': ['Names',
                                              'Sensitive Personal Identifiers '
                                              '(unspecified)']},
 'date_detected': '2025-02-28',
 'date_publicly_disclosed': '2025-03-06',
 'description': 'The LoveSac Company disclosed a data breach following '
                'unauthorized access to its internal systems, linked to a '
                'ransomware attack claimed by the RansomHub group in early '
                'March 2025. Sensitive personal information may have been '
                'exposed, prompting notifications and identity protection '
                'services for affected individuals. The breach was detected on '
                'February 28, 2025, with data exfiltration occurring between '
                'February 12 and March 3, 2025. RansomHub threatened to '
                'publish stolen data unless a ransom was paid, though no '
                'public confirmation of payment exists.',
 'impact': {'brand_reputation_impact': 'Potential (due to public disclosure of '
                                       'breach and ransomware threat)',
            'data_compromised': True,
            'identity_theft_risk': 'High (names and sensitive personal '
                                   'identifiers exposed; identity monitoring '
                                   'offered)',
            'systems_affected': True},
 'investigation_status': 'Completed (review of compromised files finalized; '
                         'affected individuals identified)',
 'motivation': 'Financial (Ransom Demand)',
 'post_incident_analysis': {'corrective_actions': ['Reinforced security '
                                                   'posture',
                                                   'Policy review',
                                                   'Enhanced data access '
                                                   'controls'],
                            'root_causes': ['Potential unpatched systems',
                                            'Weak credentials',
                                            'RDP vulnerabilities']},
 'ransomware': {'data_exfiltration': True,
                'ransom_demanded': True,
                'ransomware_strain': 'RansomHub'},
 'recommendations': ['Monitor financial accounts and credit reports',
                     'Place fraud alerts or credit freezes if necessary',
                     'Enhance security controls (e.g., patch management, '
                     'credential hygiene, RDP security)'],
 'references': [{'source': 'ransomware.live'}],
 'regulatory_compliance': {'regulatory_notifications': True},
 'response': {'communication_strategy': ['Public disclosure',
                                         'Notification campaign to affected '
                                         'individuals',
                                         'Offer of 2 years of complimentary '
                                         'identity monitoring and credit '
                                         'protection (Experian)'],
              'enhanced_monitoring': True,
              'incident_response_plan_activated': True,
              'remediation_measures': ['Reviewed internal security policies',
                                       'Enhanced controls over personal data '
                                       'access']},
 'threat_actor': 'RansomHub',
 'title': 'LoveSac Company Data Breach and Ransomware Attack (March 2025)',
 'type': ['Data Breach', 'Ransomware Attack']}