US Retail Chain Belk Allegedly Breached by DragonForce, 156GB of Data Leaked
The US department store chain Belk has allegedly become the latest victim of the DragonForce ransomware group, with the attackers claiming to have exfiltrated over 156 gigabytes of company data. Belk’s name was recently listed on DragonForce’s dark web blog, which the group uses to publicize its attacks and pressure victims.
Cybernews researchers who examined the sample data say the leak appears legitimate and could pose a significant risk if confirmed. Screenshots shared by the group show access to directories containing sensitive data across Belk’s internal systems and customer platform.
The exposed data reportedly includes employee profiles, customer names, email addresses, phone numbers, postal addresses, dates of birth, order histories, and even coupon data. Some of the compromised content appears linked to Belk’s mobile app infrastructure.
“The leak appears to be pretty big, due to the number of affected individuals and the extent of the leaked data,” said the Cybernews team.
“Data such as order details and purchased items could be used by malicious actors or gray market organisations such as data brokers or medical insurance companies to profile individual behaviours and risk factors.”
Researchers estimate that the breach may involve over a million individuals, although a portion may be testing or inactive accounts.
Founded in 1888, Belk operates nearly 300 department stores across 16 US states and reported $4 billion in revenue last year.
Earlier in June, the company disclosed a cyber incident to the Office of the New Hampshire Attorney General, confirming that an unauthorized third party had accessed internal systems. It remains unclear whether that report is connected to the DragonForce incident.
On its blog, DragonForce said it initially had no intention to harm the business but decided to escalate when Belk allegedly refused to pay the ransom. The gang published more than 20 directories of stolen data as part of its pressure campaign.
The incident mirrors DragonForce’s recent high-profile attack on UK retailer Marks & Spencer. That breach disrupted online operations, led to product shortages, and reportedly wiped over £1 billion from the company’s market value. M&S expects the incident to result in an estimated £300 million ($403 million) loss in operating profit.
DragonForce is rapidly gaining notoriety as one of the most aggressive ransomware cartels operating today. The group has also claimed responsibility for attacks against rival ransomware gangs, including BlackLock, Mamona, and RansomHub, claiming to have overtaken RansomHub’s infrastructure entirely.
According to Ransomlooker, Cybernews’ dark web monitoring tool, DragonForce has listed 104 victims in the past 12 months, reflecting its growing footprint in the ransomware ecosystem.
Belk has yet to issue a public statement regarding the latest claims.
