DragonForce hackers breach Belk, exposing customer data

Belk, a prominent American retail chain, said it experienced a data security incident earlier this year that led to the unauthorised access and compromise of its customers’ sensitive personal information.

 

Headquartered in Charlotte, North Carolina, Belk primarily operates in the southeastern United States, with nearly 300 locations across 16 states, and also has an online presence at belk.com. Belk offers a wide range of merchandise, including apparel, shoes, accessories, cosmetics, home furnishings, and a wedding registry.

 

In a data security incident notice filed with the Office of New Hampshire Attorney General, Belk said that on May 8, it identified an unauthorised access to its internal network. The company immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

The investigation revealed that “Belk was the victim of a cyber incident in which an unauthorised actor gained access to certain corporate systems and data between May 7 and May 11, 2025.

 

“Belk worked diligently with external cybersecurity experts to determine the source and scope of this unauthorised access. We concluded that the actor obtained certain internal documents related to Belk,” reads the notice filed with the Attorney General’s office.

 

The compromised data included names, Social Security Numbers and other personal identifiers. The retailer giant is yet to share the number of affected individuals.

 

“We took immediate steps in response to the incident to stop the unauthorised access and secure our systems. We also conducted a thorough investigation, which included our full cooperation with law enforcement,” Belk added.

 

The company has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and the state attorney general.

 

It has also offered one year of complimentary identity protection and credit monitoring services through Epiq to all affected individuals.

 

 

In July, the DragonForce hacking group claimed responsibility for the cyber attack on Belk and listed it as a victim on its data leak site. The group claimed to be in possession of 156.32 GB of confidential data stolen from the company and made it available for download, suggesting a failed ransom negotiation.