leaksear.ch has indexed a Salesfloor leak containing 7,754,615 records tied to the Canadian retail SaaS platform and retailer customer data, with January 22, 2026 listed as the breach date (leaksear.ch metadata). Salesfloor provides retail customer-engagement tools including clienteling, virtual shopping, and conversational AI; Tulip and Salesfloor announced on March 24, 2026 that they would combine under the Tulip brand (www.tulip.com).
What happened
Public reporting to date frames this as an alleged dark-web reported compromise, not a detailed company notice. UpGuard reported on January 26, 2026 that the incident was reported on January 22, attributed in those reports to LAPSUS$, and allegedly involved 4 TB of uncompressed data including source code, system logs, development assets, SQL databases, and customer PII (www.upguard.com).
No public source reviewed for this article confirms the initial access path or whether the customer data was exposed through ransomware, scraping, misconfigured storage, or another mechanism. UpGuard's public summary described approximately 1 million user records, while the dataset indexed by leaksear.ch contains 7,754,615 records as of June 30, 2026 (leaksear.ch metadata).
Salesfloor's business context matters because it sits between retailers and customer engagement data. In March 2026, Tulip said the merged Tulip-Salesfloor company would support about 100 enterprise retail clients and described Salesfloor as an engagement platform used by enterprise retailers in more than 70 countries and by over 50,000 associates (www.tulip.com).
What data was exposed
The indexed records contain contact and retail CRM data. The directly searchable fields are name, email address, phone number, postal address, and country (leaksear.ch metadata).
Additional stored fields listed in the metadata include alternate email and phone fields, contact preference, customer and CRM IDs, retailer customer and store IDs, employee and user IDs, timestamps for record creation, updates, and last contact, subscription and SMS marketing flags, locale, tags, favorite-contact data, transaction-related structured fields, and source-system metadata (leaksear.ch metadata).
Why this matters
Even without passwords or payment-card fields in the metadata supplied to leaksear.ch, contact data tied to retailer relationships can be useful for convincing phishing, smishing, and account-recovery social engineering (leaksear.ch metadata). Retailers that used Salesfloor should treat exposed CRM and customer identifiers as correlation points that may help attackers tailor lures to specific brands, stores, or customer histories. Individuals should be cautious of messages that reference retail interactions, store appointments, marketing subscriptions, or customer-service follow-ups. If you interacted with a retailer that used Salesfloor, use the leaksear.ch exposure lookup below to check whether your name, email, phone, address, or country appears in this leak.
Check your exposure
Vetted researchers and incident-response teams can request access or sign in if they already have access to check this dataset. Searchable pivots for this leak include address, country, email, name, and phone.