The US department store chain Belk has become the latest high-profile target of a ransomware attack, with the DragonForce gang claiming to be behind the breach.
What Happened?
The attack, which was detected on May 8, forced Belk to shut down affected systems, restrict internal network access, reset user credentials, and begin rebuilding its IT infrastructure. The disruption impacted both in-store and online operations, with Belk’s e-commerce platform still offline as of this writing.
According to Belk’s internal investigation, the attackers gained unauthorized access between May 7 and May 11. During this time, they exfiltrated sensitive files, some of which included personally identifiable information (PII) such as names and Social Security numbers.
Response and Impact
In compliance with state regulations, Belk has filed a data breach notification with the New Hampshire Attorney General’s Office. Affected individuals are being offered 12 months of free credit monitoring and identity protection services, which include up to $1 million in identity theft insurance.
Although Belk has not officially confirmed who was behind the breach, DragonForce has publicly taken credit for the incident and listed Belk on its Tor-based leak site. The group claims to have stolen 156 GB of data and has made it available for download, which suggests that Belk may have refused to pay the ransom.
Who is DragonForce?
DragonForce is a known ransomware-as-a-service (RaaS) operation active since late 2023. While the group has claimed attacks on over 200 organizations, only 38 incidents have been verified so far.
They recently attracted attention for launching disruptive campaigns against major UK retail chains such as Co-op, Harrods, and Marks & Spencer. These events have drawn comparisons to the tactics used by the Scattered Spider group—another sophisticated and high-profile cybercrime syndicate.
A Wake-Up Call for Retailers
Belk, a well-established retailer founded in the late 1800s and operating over 300 stores across 16 US states, is an example of a growing trend of cybercriminals targeting retail infrastructure. With operations spanning both physical and digital channels, retailers remain especially vulnerable to ransomware attacks that disrupt operations and expose sensitive customer data.
What Can Organizations Learn?
This breach reinforces the importance of:
- Maintaining network segmentation and incident response readiness
- Conducting regular penetration testing and vulnerability assessments
- Implementing zero-trust architectures
- Ensuring continuous monitoring with strong observability tools
- Training employees on phishing and social engineering prevention
At Nubetia, we help organizations like yours proactively defend against evolving threats with tailored cybersecurity solutions and real-time observability.
Source: https://www.securityweek.com/ransomware-group-claims-attack-on-belk/