Belk Data Breach: 150GB Stolen in Cyberattack, Lawsuits Filed

Belk Cyberattack Overview

Image courtesy of Security Affairs

Ransomware group DragonForce claimed responsibility for a cyberattack on U.S. retailer Belk, occurring between May 7 and 11, 2025. During this incident, over 150GB of data was stolen, including sensitive internal documents containing personal information such as names and Social Security numbers. The group announced the attack, asserting that they had accessed certain corporate systems without authorization.

Belk's incident report states, "Specifically, Belk was the victim of a cyber incident in which an unauthorized third party gained access to certain corporate systems and data between May 7-11, 2025." The company notified the New Hampshire Attorney General’s Office about the breach and has been cooperating with law enforcement during the investigation.

To mitigate the incident, Belk implemented measures including restricting network access, blocking threats, resetting passwords, and enhancing security monitoring. Affected individuals are being offered 12 months of free credit monitoring and identity restoration services.

Links:

• DragonForce Ransomware Group
• Belk Company Profile
• Data Breach Notification

Cybersecurity Vulnerability in Fortinet FortiWeb

Image courtesy of Security Affairs

Fortinet has issued a critical alert regarding a pre-authentication remote code execution (RCE) vulnerability identified as CVE-2025-25257 in FortiWeb, rated with a CVSS score of 9.8. This SQL injection vulnerability allows unauthenticated attackers to execute unauthorized SQL commands through crafted HTTP/HTTPS requests.

The advisory states, “An improper neutralization of special elements used in an SQL command (‘SQL Injection’) vulnerability in FortiWeb may allow an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPS requests.”

Fortinet has released patches in versions 7.6.4, 7.4.8, 7.2.11, and 7.0.11 to address this issue. Security researchers from WatchTowr have analyzed the vulnerability and created a detection artifact generator for it.

Administrators are urged to apply these patches immediately, as the availability of public exploits raises concerns about potential active exploitation.

Links:

• Fortinet CVE-2025-25257 Advisory
• WatchTowr Analysis
• Detection Artifact Generator

Legal Actions Against Belk

Belk Inc. is facing class action lawsuits for allegedly failing to protect the personal information of its employees and customers. The lawsuits claim that the company concealed the cyberattack that led to the data breach. This legal action highlights the increasing scrutiny on organizations regarding their cybersecurity practices and responsibilities.

The lawsuits filed in North Carolina assert that Belk did not take adequate measures to safeguard sensitive data, potentially leaving individuals vulnerable to identity theft and fraud.

Links:

• Class Action Details
• Consumer Protection Information

Explore our services at Gopher Security for comprehensive cybersecurity solutions tailored to protect your organization from evolving threats. Contact us today for more information.