Belk Hit by May Cyberattack: DragonForce Stole 150GB of Data

In a shocking revelation, the notorious ransomware group DragonForce has claimed responsibility for a devastating cyberattack on US department store chain Belk. The attack, which took place between May 7 and 11, 2025, saw an unauthorized party gain access to Belk's corporate systems and steal a staggering 156 gigabytes of sensitive data.

About Belk

Belk, Inc., the parent company of Belk, is a major American department store chain founded in 1888 in Monroe, North Carolina. With its headquarters currently located in Charlotte, the company operates around 300 locations across 16 states, offering a wide range of products including apparel, footwear, home furnishings, jewelry, beauty products, and more.

The Cyberattack

According to a data breach notification shared by Belk with the New Hampshire Attorney General's Office, the cyberattack occurred when an unauthorized third party gained access to certain corporate systems and data between May 7-11, 2025. The company worked closely with third-party cybersecurity experts to determine the source and scope of the incident and concluded that the unauthorized party obtained certain internal documents related to Belk.

Consequences of the Attack

The consequences of the attack were far-reaching, with certain internal documents containing personal information being compromised. Names and Social Security numbers were also stolen in the breach. The affected individuals can now take advantage of 12 months of free credit monitoring and identity restoration services offered by Belk.

DragonForce's Involvement

The infamous ransomware group DragonForce has claimed responsibility for the attack, stating that it had stolen 156 gigabytes of data from Belk. This is not the first time DragonForce has made headlines; the group was previously active in December 2023, carrying out attacks on UK retailers like Marks & Spencer, Co-op, and Harrods.

DragonForce's Modus Operandi

The DragonForce ransomware gang operates a cybercrime affiliate service, allowing affiliates to use its tools to launch attacks and extort victims. The group manages both Telegram and Discord channels, with cybersecurity experts believing that it is composed of English-speaking teenagers.

The Stolen Data

The stolen data, amounting to 150GB, are currently available for download on a Tor leak site, suggesting that the negotiation between Belk and DragonForce may have failed. This revelation adds weight to the claims made by DragonForce regarding its involvement in the attack.

Belt's Response

Belk responded to the cyberattack by implementing robust security measures, including restricting network access, blocking threats, resetting passwords, rebuilding systems, and enhancing security monitoring. The company is also working closely with law enforcement and third-party cybersecurity experts to investigate and contain the incident.

Conclusion

The recent cyberattack on Belk serves as a reminder of the ever-evolving threat landscape and the importance of robust cybersecurity measures. As we move forward, it's crucial for organizations like Belk to prioritize their security posture and stay vigilant against emerging threats.