The DragonForce ransomware gang has claimed responsibility for a disruptive cyberattack on US department store chain Belk.
The incident was identified on May 8 and prompted Belk to disconnect affected systems, restrict network access, reset passwords, and rebuild impacted systems, which disrupted the chain’s online and physical operations for several days. The company’s online store is still offline at the time of publication.
Belk’s investigation into the attack determined that hackers had access to its network between May 7 and May 11, and that they exfiltrated certain documents, including files containing personal information.
In a data breach notification submitted to the New Hampshire Attorney General’s Office, Belk said at least names and Social Security numbers were compromised in the attack.
The company is providing the impacted individuals with 12 months of free credit monitoring and identity restoration services, which also include up to $1 million identity theft insurance.
The company has not named the group responsible for the attack, but the DragonForce ransomware gang has claimed the incident on Monday, adding Belk to its Tor-based leak site.
DragonForce says it exfiltrated 156 gigabytes of data from the department store chain, and has made all of it available for download, which suggests that Belk did not pay a ransom.
Active since at least December 2023, DragonForce is a ransomware-as-a-service (RaaS) operation that supposedly hit around 210 organizations, albeit only 38 incidents have been confirmed to date.
The hacking group made headlines recently, after a series of disruptive attacks on UK retail chains like Co-op, Harrods, and Marks & Spencer. Those attacks have been linked to the notorious Scattered Spider cybercrime group.
Founded in the late 1800s in Monroe, North Caroline, Belk operates over 300 department stores across 16 states, along with an online store, offering apparel, accessories, cosmetics, shoes, home furnishings, and a wedding registry.
Related: Ingram Micro Restores Systems Impacted by Ransomware
Related: Chain IQ, UBS Data Stolen in Ransomware Attack
Related: DragonForce Ransomware Hackers Exploiting SimpleHelp Vulnerabilities
Related: US Insurance Industry Warned of Scattered Spider Attacks
