In May 2025, Belk Inc., a prominent U.S. department store chain, experienced a substantial ransomware attack orchestrated by the cybercriminal group known as DragonForce. This incident underscores the escalating threat of ransomware attacks targeting major retailers and the critical importance of robust cybersecurity measures.
Incident Overview
The cyberattack was identified on May 8, 2025, prompting Belk to take immediate action by disconnecting affected systems, restricting network access, resetting passwords, and rebuilding compromised systems. These measures led to significant disruptions in both online and physical store operations, with the company’s online store remaining offline for an extended period.
Extent of the Breach
Investigations revealed that the attackers had access to Belk’s network from May 7 to May 11, during which they exfiltrated approximately 156 gigabytes of data. This data included sensitive personal information such as names and Social Security numbers. In response, Belk has offered affected individuals 12 months of free credit monitoring and identity restoration services, including up to $1 million in identity theft insurance.
DragonForce’s Involvement
DragonForce, a ransomware-as-a-service (RaaS) operation active since at least December 2023, claimed responsibility for the attack. The group has been linked to approximately 210 organizations, with 38 confirmed incidents to date. Notably, DragonForce has also targeted major UK retail chains such as Co-op, Harrods, and Marks & Spencer.
Legal Repercussions
Following the breach, Belk faced multiple lawsuits alleging inadequate data security measures and delayed notification to affected individuals. One lawsuit filed in North Carolina claims that the company failed to implement sufficient data security protocols, leading to the exposure of sensitive personal information. ([forthepeople.com](https://www.forthepeople.com/blog/belk-data-breach-retailer-hit-lawsuits-after-may-cyberattack/))
Company Response
Belk has acknowledged the cyber incident and emphasized that customer data was unaffected. The company has been transparent about the steps taken to mitigate the impact and has committed to enhancing its cybersecurity infrastructure to prevent future incidents. ([bizjournals.com](https://www.bizjournals.com/triad/news/2025/06/05/belk-cyber-incident-data-breach-sales-retail.html))
Broader Implications
This attack on Belk highlights the growing trend of ransomware groups targeting large retail organizations. Similar incidents have occurred in the past, such as the LockBit ransomware attack on Canadian retailer London Drugs in May 2024, which led to significant operational disruptions. ([en.wikipedia.org](https://en.wikipedia.org/wiki/LockBit))
Preventative Measures
To mitigate the risk of ransomware attacks, organizations are advised to implement comprehensive cybersecurity strategies, including regular system updates, employee training on phishing and other cyber threats, and the establishment of robust incident response plans. Proactive measures are essential to protect sensitive data and maintain customer trust.
Conclusion
The ransomware attack on Belk serves as a stark reminder of the persistent and evolving threats in the digital landscape. Retailers and other organizations must prioritize cybersecurity to safeguard their operations and the personal information of their customers and employees.