The US-based department store Belk has suffered a significant cyberattack. The group behind it, DragonForce, claims to have stolen and leaked over 156 GB of sensitive data. This follows the gang’s recent attack on Marks & Spencer in the UK, which led to $400 million in losses.
DragonForce published evidence of the Belk breach on its dark web portal. The exposed data includes customer records, internal employee files, and critical infrastructure information.
Leaked Data Poses Serious Security Risks
Cybernews researchers confirm the data appears authentic and high-risk. The leak contains:
- Names, addresses, and contact details of customers
- Internal profiles and HR records
- Purchase history with item-level order details
- Infrastructure code tied to Belk’s mobile platform
- Backups and over 20 internal directories
The breach may impact millions of users. While some entries might be test accounts, most reflect real consumer and employee data.
Security experts warn the stolen information could be misused for identity theft, fraud, or profiling by threat actors and data brokers.
DragonForce Expands Operations and Tactics
DragonForce has escalated its methods in recent months. The group claims Belk’s refusal to pay a ransom forced its hand. It posted stolen files and screenshots online, detailing access to several core systems.
Dark web sources suggest DragonForce now ranks among the most aggressive ransomware groups. In the last year alone, it targeted over 100 entities, including retail giants. Its campaign against Marks & Spencer disrupted logistics, shut down e-commerce, and damaged the company’s market valuation.
In a surprising move, DragonForce also claims it hacked a rival ransomware outfit, RansomHub, and invited other cybercriminals to join forces.
Eye World’s View:
The Belk incident demonstrates how retail brands remain prime targets for ransomware. As one of the oldest US retailers, Belk’s legacy and scale did not shield it from exploitation. Organizations must invest in real-time monitoring, breach response plans, and zero-trust frameworks to counter increasingly aggressive cyber threats.