Belk, the North Carolina-based department store chain with nearly 300 locations across the southeastern United States, has confirmed that it was the victim of a cybersecurity breach in May 2025. The cyberattack, attributed to the ransomware group DragonForce, resulted in the unauthorized access and theft of 156 gigabytes of sensitive company data.
Scope of the Incident
According to Belk, the breach occurred between May 7 and May 11, 2025, during which attackers infiltrated corporate networks and exfiltrated a significant volume of data. The compromised information includes internal corporate documents as well as personal data such as names, Social Security numbers, contact details, employee records, and possibly customer transaction histories and account credentials.
This breach disrupted Belk’s digital operations, including its online store and some in-store services, leading to intermittent outages and delayed customer service responses. The company has since restored most services and is working to strengthen its cybersecurity posture.
Company Response
Upon detecting the breach, Belk took immediate action to contain the threat. Measures included:
- Restricting systems access and isolating affected networks,
- Resetting user credentials and administrative access rights,
- Conducting a comprehensive forensic investigation with support from third-party cybersecurity experts,
- Notifying law enforcement and regulatory authorities.
Belk is offering 12 months of complimentary identity protection services for individuals potentially impacted by the breach. This includes credit monitoring, identity restoration support, and up to $1 million in identity theft insurance coverage.
About DragonForce
The attack was claimed by DragonForce, a ransomware group known for aggressive data extortion tactics. Since rebranding as a ransomware-as-a-service (RaaS) cartel in late 2024, DragonForce has expanded its operations by offering its tools to affiliates who target high-profile victims across sectors such as retail, healthcare, and finance.
Analysts say DragonForce uses sophisticated strategies that combine known software vulnerabilities with stealth malware techniques, allowing attackers to maintain persistence within networks before executing their final attack. Belk marks one of the largest retail breaches in the U.S. this year attributed to the group.
Legal and Reputational Implications
The breach has drawn scrutiny from customers and cybersecurity experts alike. Several class-action lawsuits have been filed against Belk, alleging that the company failed to implement adequate data protection and did not notify affected individuals in a timely manner. Regulators may also investigate whether Belk’s data practices complied with applicable consumer protection and privacy laws.
