“Massive Ransomware Attack on Belk Exposes 156 GB of Sensitive Employee Data, Including Social Security Numbers”

156 GB of sensitive data stolen from Belk’s internal systems, including Social Security numbers and personal files, as lawsuits accuse the retail giant of concealing the breach.

Charlotte, N.C. — July 16, 2025

In a troubling development for corporate cybersecurity, the ransomware group DragonForce has claimed responsibility for a significant data breach targeting Belk, the Charlotte-based department store chain. The attack, which took place in May 2025, resulted in the theft of 156 gigabytes of sensitive internal data, including names and Social Security numbers of employees and their family members.

The breach forced a complete shutdown of Belk’s computer systems across nearly 300 store locations and digital platforms in the Southeastern United States. Despite the scope of the disruption, Belk has yet to publicly acknowledge the full details of the incident, drawing sharp criticism from legal and cybersecurity experts.

“This is a textbook case of corporate opacity,” said Dana McAllister, a cybersecurity attorney based in Atlanta. “When a retailer delays disclosure of a breach involving personal identifiers like Social Security numbers, it not only risks legal liability—it erodes public trust.”

Belk began notifying affected individuals by letter on June 5, but only after multiple lawsuits were filed, accusing the company of attempting to conceal the cyberattack. The complaints allege that Belk failed to implement sufficient cybersecurity protections and that the company waited weeks to inform victims, potentially exposing them to identity theft and financial fraud.

“I found out from a lawsuit, not from Belk,” said Tamara Lewis, a former employee whose entire household’s data was compromised. “They had my kids’ Social Security numbers. That’s not just a breach of systems—that’s a breach of trust.”

Founded in 1888, Belk operates in 16 Southeastern U.S. states, with a longstanding reputation as a trusted regional retailer. But the incident has raised serious questions about the company’s digital infrastructure and its ability to respond to modern cyber threats. According to insiders, the attack crippled store operations for several days, disrupting inventory systems, point-of-sale terminals, and online fulfillment.

The DragonForce ransomware gang, which operates primarily out of Eastern Europe, is known for targeting legacy retail chains and healthcare networks, where older digital systems present weak points. On dark web forums, the group claimed it exfiltrated documents including payroll records, employee communications, insurance data, and internal HR files.

“This isn’t just about ransomware anymore—it’s about digital extortion at scale,” said Dr. Carl Neumann, director of cybercrime research at the University of South Carolina. “Hackers are now targeting entire ecosystems—supply chains, HR departments, family data—all to increase pressure on victims.”

The U.S. Federal Trade Commission (FTC) has not commented on whether it will open a formal investigation into Belk’s incident, but several state attorneys general are reportedly reviewing the lawsuits for potential consumer protection violations.

Belk, which emerged from bankruptcy in 2021, has struggled to modernize its operations amid increasing competition from online retailers. The breach adds new urgency to calls for robust cyber resilience standards in the retail sector—especially for companies handling large volumes of employee and customer data.

“Retailers like Belk are sitting on digital treasure troves,” said McAllister. “It’s time they treat cybersecurity like the business imperative it is.”

As of mid-July, Belk has not publicly confirmed whether it paid any ransom to DragonForce or whether law enforcement is involved in negotiations. Industry experts warn that silence may signal either ongoing legal consultation—or that the company has lost control of its data.

For now, affected employees and their families are left with uncertainty—and a letter in the mail.