Security Affairs

Belk hit by May cyberattack: DragonForce stole 150GB of data


Ransomware group DragonForce claims it attacked U.S. retailer Belk in May, stealing over 150GB of data in a disruptive cyberattack.

The infamous ransomware group DragonForce claimed responsibility for the disruptive May attack on US department store chain Belk. The ransomware gang claimed it had stolen 156 gigabytes of data from Belk.

Belk, Inc. is a major American department store chain, founded in 1888 in Monroe, North Carolina, and currently headquartered in Charlotte. Operating around 300 locations across 16 states, Belk offers apparel, footwear, home furnishings, jewelry, beauty products, and more.

Belk suffered a cyberattack between May 7 and 11, 2025, in which an unauthorized party accessed corporate systems and stole some internal documents.

“Specifically, Belk was the victim of a cyber incident in which an unauthorized third party gained access to certain corporate systems and data between May 7-11, 2025.” reads the data breach notification shared by the organization with the New Hampshire Attorney General’s Office. “After discovering the incident on May 8, 2025, Belk worked diligently with third-party cybersecurity experts to determine the source and scope of this unauthorized access. Belk concluded that the third party obtained certain internal documents related to Belk.”

The company is investigating the incident with the help of third-party cybersecurity experts and notified law enforcement. Belk responded to the cyberattack by restricting network access, blocking threats, resetting passwords, rebuilding systems, and enhancing security monitoring.

Threat actors stole certain internal documents, including files containing personal information. Names and Social Security numbers were compromised in the attack.

“Belk maintains a written information security program. With professional support from third-party cybersecurity experts, Belk promptly responded to contain and investigate the incident. Belk also alerted and cooperated with law enforcement.” continues the notification. “Belk’s containment and remediation actions included restricting network access, blocking known indicators of compromise, completing a password reset, rebuilding affected servers and endpoints, and deploying additional security tools to provide enhanced monitoring capabilities and endpoint protection.”

At this time, Belk’s website is still unavailable.

Belk is offering affected individuals 12 months of free credit monitoring and identity restoration services.

This week, the DragonForce ransomware gang added the company to its Tor leak site. The stolen data is available for download, a circumstance that suggests a failed negotiation.

The DragonForce group has been active since at least December 2023 and recently made headlines for attacks on UK retailers such as Marks & Spencer, Co-op, and Harrods.

The DragonForce ransomware group scrambles victims’ data and demands a ransom; it is also known to steal victims’ data. DragonForce runs a cybercrime affiliate service, letting affiliates use its tools to launch attacks and extort victims. The group manages both Telegram and Discord channels; cybersecurity experts believe it is composed of English-speaking teenagers.


Pierluigi Paganini

(SecurityAffairs – hacking, data breach)