Date: 2025-07-15

Belk, the popular US department store chain, has allegedly been targeted by the DragonForce hacker group. This is the same group that struck UK retailer Marks & Spencer with a cyberattack, costing the company hundreds of millions of dollars.

Belk was posted on DragonForce’s dark web blog, which it uses to showcase its latest victims. The attackers claim they’ve obtained over 156 gigabytes of company data, ranging from backups to employee profiles.

We have reached out to the company for comment and will update the article once we receive a reply.

Meanwhile, the Cybernews research team investigated DragonForce’s claims. According to researchers, the leak appears legitimate and includes a lot of sensitive data. If confirmed, the hack could be “impactful,” the team said.

Attackers post on the dark web. Image by Cybernews.

The leaked data appears to include all available store coupons, employee and registered customer data such as names, dates of birth, addresses, phone numbers, email addresses, and customer orders, including purchased items. Moreover, some of the information seems to have been taken from Belk’s mobile app infrastructure.

“The leak appears to be pretty big, due to the number of affected individuals and the extent of the leaked data. Data such as order details and purchased items could be used by malicious actors or gray market organisations such as data brokers or medical insurance companies to profile individual behaviours and risk factors,” researchers said.

The team said it is difficult to determine how many individuals were exposed in the attack, but based on similar events in the past, a million users could be included in the leaked data. However, researchers noted that some of the exposed users will likely be testing accounts.

Data attackers claim to have stolen from Belk. Image by Cybernews.

DragonForce shared a screenshot containing over 20 directories that the cybercriminals allegedly accessed. The data that attackers may have accessed appears to cover a wide range of areas, from store data to Belk online users.

Established in 1888, Belk is among the oldest department store chains in the US. The company operates nearly 300 stores in 16 states across the US, and, according to Forbes, enjoyed a revenue of $4 billion last year.

Was Belk previously hacked?

In early June, Belk submitted a breach notification to the Office of the New Hampshire Attorney General, saying that the company was “the victim of a cyber incident in which an unauthorized third party gained access to certain corporate systems and data.”

At the time of writing, it’s unclear if the two incidents are connected.

Meanwhile, DragonForce shared some bold claims on its dark web blog, saying it wasn’t the gang’s intention to “destroy your business.” However, the gang resorted to destructive actions after the company refused to pay the ransom.

DragonForce is quickly becoming one of the most notorious ransomware cartels currently operating. The gang recently made headlines after a devastating attack on major UK retailer Marks & Spencer (M&S).

The attack forced M&S' online clothing operation offline, left some food shelves bare, and wiped over a billion pounds from the company's stock market value. Online sales and trading profit in that division have been "heavily impacted" by the decision to suspend online shopping.

In total, the attack is expected to cost the company about 300 million pounds ($403 million) in operating profit.

First spotted in 2023, the gang has been causing trouble for its competitors as well. The cartel claimed hacks against data leak sites belonging to BlackLock and Mamona, two related ransomware groups.

DragonForce also says it hacked RansomHub, another prominent ransomware cartel and one of the most active gangs from last year. DragonForce lures competitors with the opportunity to join its ranks and claims to have overtaken RansomHub’s infrastructure.

According to the Cybernews dark web monitoring tool, Ransomlooker, DragonForce has attacked 104 organisations in the last 12 months.