DragonForce Cyberattack Targets Belk Inc. with Ransomware Attack

• DragonForce listed U.S. department store chain Belk as its latest victim.
• The attackers reportedly accessed and exfiltrated confidential information.
• Belk previously acknowledged unauthorized third-party access to internal files.

The DragonForce hacking group has claimed responsibility for a significant ransomware attack on Belk Inc., a prominent American department store chain. According to statements released by the group, they successfully exfiltrated 156.32 GB of sensitive data and allegedly leaked it online. 

Belk has confirmed a cyber incident that disrupted its systems earlier this year in May, when an unnamed third party accessed company files.

The assault executed by DragonForce involved the deployment of ransomware, a malicious software used to encrypt an organization’s data and demand a ransom for its release. However, in this case, the attackers went beyond encryption. 

The leaked data is believed to include company records, employee information, and possibly customer-related details, though detailed specifics have not yet been disclosed.  

Belk Inc. confirmed the cyber incident but declined to disclose extensive details about the nature of the compromised data or the steps being taken to regain control.

"Belk was the victim of a cyber incident in which an unauthorized third party gained access to certain corporate systems and data between May 7-11, 2025,” a company announcement stated in June. “Belk concluded that the third party obtained certain internal documents related to Belk."

The retailer acknowledged the disruption caused by the cyberattack but emphasized its commitment to reinforcing its cybersecurity measures to prevent future breaches. However, it remains unclear whether the company has negotiated or paid any ransom to recover compromised data.  

In May, the Marks & Spencer data breach believed to be stemming from a third-party provider with privileged access to the company’s systems, was attributed to DragonForce.

This attack shines a spotlight on the vulnerabilities within the retail sector, a frequent target for cybercriminals due to the volume of personally identifiable information (PII) and payment data it manages. For consumers, the breach emphasizes the importance of vigilance in monitoring financial transactions and securing personal information.