258/68 Thursday, July 17, 2025
Belk, a major U.S. department store chain, has confirmed it was the target of a cyberattack between May 7–11, 2025. According to the company’s statement, unauthorized actors gained access to internal systems and exfiltrated sensitive company documents. The ransomware group “DragonForce” has claimed responsibility for the attack, stating it stole 156GB of internal data, including corporate documents and personal information such as employee names and Social Security numbers.
In response, Belk is offering 12 months of free credit monitoring and identity recovery services to affected individuals. As of now, Belk’s official website remains inaccessible, and reports indicate that portions of the stolen data have already been leaked on DragonForce’s dark web site, suggesting a failed ransom negotiation.
Headquartered in North Carolina, Belk operates more than 300 stores across 16 states. Upon detecting suspicious activity on May 8, the company immediately engaged external cybersecurity experts to investigate the root cause of the breach. Belk also implemented urgent response measures, including limiting network access, resetting passwords, rebuilding systems, and enhancing security monitoring tools. Authorities and relevant regulatory bodies have also been notified to support the ongoing investigation.
DragonForce is known for targeting major UK retailers such as Marks & Spencer, Harrods, and Co-op, using double extortion tactics-encrypting data while threatening to leak it unless ransom demands are met. The group operates under an affiliate-based cybercrime-as-a-service model, providing tools via Telegram and Discord for partners to conduct attacks. There are growing concerns that DragonForce may continue expanding its operations to target large organizations globally.
