Lovesac Data Breach Exposes SSNs in Multiple States

Published

September 8, 2025

Updated

September 8, 2025

Lovesac

Types of INFORMATION affected

Names
Social Security Numbers
Dates of Birth
Addresses
Government IDs
Medical Info
Financial Info

Lovesac, an American furniture company, experienced a data breach. On May 30, 2025, Lovesac discovered suspicious activity within its internal email environment. An investigation determined that an unauthorized actor gained access to an employee email account between May 27, 2025 and May 30, 2025.

The cybersecurity incident exposed sensitive information contained in emails and attachments. Compromised information includes names and Social Security numbers. The total number of impacted individuals has not been released, but may be in the thousands.

A ransomware group known as RansomHub claimed responsibility for the breach, stating on March 6, 2025, that they had obtained 40 GB of company data and threatened to publish it on the dark web within days. The group made their claim on the Tor network.

Lovesac began notifying affected individuals by mail on Sept. 4, 2025. The data breach was also disclosed to multiple Attorney Generals' offices between Sept. 4, 2025 and Sept. 5, 2025, including Maine, Massachusetts, Vermont and New Hampshire.

The breach affected a small but notable group of individuals across several states. According to state filings, seven Maine residents, 51 Massachusetts residents, and six New Hampshire residents were impacted. The company notified affected individuals in writing on Sept. 4, 2025. The incident was disclosed to the Maine Attorney General’s office on Sept. 4, to the Massachusetts Attorney General’s office on Sept. 5, to the Vermont Attorney General’s office on Sept. 5, and to the New Hampshire Attorney General’s office on Sept. 5.

The Lovesac Company's response

In addition to required state and federal disclosures, Lovesac is offering 24 free months of Experian IdentityWorks credit monitoring services to all impacted individuals. The company has also established a dedicated assistance line for individuals with questions at 833-918-1113 between 9:00 a.m. and 9:00 p.m. EST, Monday to Friday.

More information about the furniture company can be found on the LoveSac website.

Protect Your Data

A breach notice means your personal details could be circulating far beyond the organization involved. One practical step is continuous monitoring: services such as Identity Defender (included with an ExpressVPN subscription) can automatically check dark-web markets, flag new credit-file activity, and request removal of your information from data-broker sites.

This kind of “early-warning system” can’t undo a breach, but it can help you spot misuse quickly and limit further exposure. ExpressVPN is offering 61% off, risk-free for 30 days, with ID Theft Insurance included and no extra cost for those who sign up for one or two years.