+02 683-5100
Callback
  • Main
  • Blog
  • Belk Suffers Ransomware Attack: 150GB of Customer Data Stolen

Belk Suffers Ransomware Attack: 150GB of Customer Data Stolen

US department store chain Belk has become the latest victim of a major cyberattack, after the DragonForce ransomware group claimed responsibility for breaching its systems and stealing over 156 gigabytes of customer data, which has now been published on the group’s leak site on the Tor network.

When Did the Belk Ransomware Attack Happen?

Belk identified the breach on May 8, 2025, and internal investigations revealed that the hackers had access to the network from May 7 to May 11.

In response, the company immediately disconnected affected systems, reset passwords, and rebuilt its infrastructure. These actions caused major disruptions to both in-store and online operations. As of the time of writing, Belk’s online store is still offline.

What Information Was Stolen?

According to a data breach notification submitted to the New Hampshire Attorney General’s Office, names and Social Security numbers of some customers were compromised—information that is considered highly sensitive.

To mitigate the impact, Belk is offering affected individuals:

  • 12 months of free credit monitoring and identity recovery services
  • Identity theft insurance coverage up to $1 million

Who Is DragonForce?

While Belk did not name the attackers directly, the ransomware group DragonForce has claimed responsibility. They listed Belk on their dark web leak site and stated:

“We have stolen 150GB of data from Belk’s network. It is now available for download.”

This suggests that Belk may have declined to pay the ransom, prompting the attackers to release the stolen data publicly.

Understanding DragonForce: The Group Behind the Belk Attack

DragonForce is a ransomware-as-a-service (RaaS) operation that emerged in December 2023. The group claims to have targeted more than 210 organizations globally, though only 38 incidents have been verified so far.

DragonForce has also made headlines for targeting major UK retailers like Co-op, Harrods, and Marks & Spencer—attacks that have been linked to the infamous Scattered Spider cybercrime group.

Belk Won’t Be the Last

The Belk ransomware attack by DragonForce is a clear reminder that even large enterprises with strong IT resources can fall victim to sophisticated cyber threats. It underscores the importance of not just having tools in place, but maintaining a continuous, proactive approach to cybersecurity.

_____________________________________________________________________________________________________________________________________________________________________

Source: SecurityWeek

By using our website, you agree that we use files cookies
Agree