The LAPSUS$ group claims to have breached Salesfloor, a Canadian retail SaaS company specializing in clienteling and conversational AI for omnichannel retail. Based in Montreal, Salesfloor serves prominent global brands such as Saks, Bloomingdale’s, and Macy’s. The threat actor alleges to have exfiltrated a massive cache of data—approximately 1TB compressed and 4TB uncompressed—containing sensitive internal assets and client information. The group has explicitly listed numerous high-profile retailers whose data was allegedly caught in the compromise, including Fabletics, GNC, Puma India, and Novartis.
According to the actor, the compromised files contain a wide variety of internal and customer-facing assets. The allegedly compromised data includes:
-
Full source code and development data
-
SQL database files
-
System logs
-
User images
-
Customer Personally Identifiable Information (PII) belonging to Salesfloor’s retail clients (including Full Names, Email Addresses, and Phone Numbers)
-
CRM IDs and subscription flags
