Belk data breach reports are making waves after the notorious DragonForce ransomware group claimed responsibility for an attack on the US department store chain. The same group recently disrupted UK retail giant Marks & Spencer, causing over $400 million in damages.
Now, DragonForce says it has exfiltrated over 156 GB of sensitive data from Belk and published the breach on its dark web blog.
What Was Stolen in the Belk Data Breach?
According to researchers at Cybernews, the Belk data breach appears legitimate and highly sensitive. The leaked data reportedly includes:
- Customer data: Full names, dates of birth, addresses, emails, and phone numbers
- Employee records: Profiles and internal store data
- Order history: Purchased items and order details
- Coupons and app data: Internal infrastructure, including Belk’s mobile app
- Backup files and over 20 internal directories
Researchers believe millions of users may be affected, although some entries likely belong to test accounts.
DragonForce Escalates Tactics
DragonForce posted the Belk breach after the company refused to pay the ransom. The group claims it did not intend to destroy Belk’s business but resorted to destructive actions when negotiations failed.
The gang provided screenshots of the stolen directories and detailed access to various parts of Belk’s infrastructure.
Cybernews notes that such data, especially purchase history, could be exploited by malicious actors or data brokers to profile individuals or even assess insurance risks.
Who Is DragonForce?
DragonForce has become one of the most active ransomware groups of the past year. According to dark web monitoring platform Ransomlooker, the cartel has targeted 104 organizations in the last 12 months.
Notably, DragonForce attacked Marks & Spencer in a highly disruptive campaign that:
- Took down its online clothing store
- Emptied shelves in physical stores
- Caused £300 million ($403 million) in operating losses
- Wiped over £1 billion from M&S’s stock market value
The gang also claims it recently hacked rival ransomware group RansomHub, seizing control of their infrastructure and inviting competitors to join DragonForce.
Was Belk Previously Breached?
In June 2025, Belk submitted a breach notification to the New Hampshire Attorney General, confirming an earlier cyber incident involving unauthorized access to corporate systems. However, it remains unclear whether that incident is linked to the current data breach claimed by DragonForce.
Conclusion: Belk Data Breach Highlights Growing Retail Threat
The Belk data breach underscores rising cybersecurity threats in the retail industry. With ransomware groups like DragonForce ramping up attacks, even long-standing brands like Belk—founded in 1888, with 300 stores and $4 billion in revenue—are vulnerable.
As Belk investigates the breach, customers and employees may face fallout ranging from phishing attempts to data exploitation. Retailers everywhere should take note—no one is off-limits anymore.
0 responses to “Belk Data Breach Linked to DragonForce Ransomware Gang”