DragonForce Claims Belk Data Breach, Lawsuits Allege Poor Protection

DragonForce Hackers Claim Responsibility for Belk Data Breach

A threat group known as DragonForce has claimed responsibility for a significant data breach at Belk, a North Carolina-based department store chain. The group asserts that they have acquired approximately 156 gigabytes of sensitive company data linked to an attack that took place in May 2025. DragonForce is connected to a series of cyberattacks targeting retail firms across the U.K. and the U.S., and this incident marks one of the latest in a growing list of breaches.

Researchers have associated DragonForce with an earlier attack on Marks & Spencer, highlighting a pattern of breaches connected to a broader campaign attributed to Scattered Spider. Chris Yule, director of threat research at Sophos, commented, "DragonForce operates as Ransomware-as-a-Service — meaning various groups can pay for affiliate access to DragonForce’s leak site." This model complicates the tracing of individual victims due to the varied affiliations of the attackers.

Sophos has shared screenshots from DragonForce's leak site, which were posted on Monday, indicating that the breach occurred in early May. The group, having rebranded in 2023, allows other operators to utilize its hacking infrastructure, making it easier for different groups to launch attacks under the DragonForce name or independently.

As of March, DragonForce had listed around 136 victims on its leak site, with the recent breach at Belk being part of a larger trend of attacks that have also affected notable retailers such as Harrods, Victoria’s Secret, and Whole Foods distributor United Natural Foods.

Scattered Spider has shifted its focus towards the insurance and airline industries after the recent spree of retail attacks.

For more details, visit Cybersecurity Dive and Sophos.

Legal Actions Against Belk

In response to the breach, Belk Inc. faces a pair of class action lawsuits filed in North Carolina. These lawsuits claim that the retailer failed to protect the personal information of its employees and customers, resulting in the cyberattack that has allegedly been concealed from the public.

Lawsuit
The lawsuits detail how Belk's negligence in safeguarding private information has led to significant vulnerabilities, exposing sensitive data to cybercriminals. The attached documents include complaints and are accessible for further examination.

Law firms involved in these cases include Federman & Sherwood and Milberg Coleman.

The implications of these lawsuits could be severe, particularly as they challenge the retailer’s practices in data security and its response to the breach.

For more information on the class action lawsuits, visit Law360 and Consumer Protection.

Ransomware Attacks Target Russian Vodka and Healthcare Sectors

The Novabev Group, parent company of the Beluga vodka brand, experienced a ransomware attack on July 14, 2025, causing significant disruptions. The attack affected WineLab, the company's liquor store chain, leading to a three-day closure of over 2,000 locations in Russia. The company reported that the attack crippled its IT infrastructure, particularly point-of-sale systems and online services. Novabev Group stated, "The company maintains a principled position of rejecting any interaction with cybercriminals and refuses to fulfill their demands."

By Alan V Gutnov July 19, 2025 3 min read

Retail Sector Faces Surge in Ransomware Attacks: A 2025 Analysis

Publicly disclosed ransomware attacks on the retail sector globally surged by 58% in Q2 2025 compared to Q1, with UK-based firms being particularly targeted, according to a report by BlackFog. This spike in attacks follows high-profile breaches affecting retailers like Marks & Spencer (M&S), The Co-op, and Harrods, attributed to the threat actor known as Scattered Spider.

By Alan V Gutnov July 19, 2025 2 min read

AI-Driven Lcryx Ransomware Emerges in Cryptomining Botnet

A cryptomining botnet active since 2019 has incorporated a likely AI-generated ransomware known as Lcryx into its operations. Recent analysis by the FortiCNAPP team at FortiGuard Labs identified the first documented incident linking H2miner and Lcryx ransomware. This investigation focused on a cluster of virtual private servers (VPS) utilized for mining Monero.

By Edward Zhou July 19, 2025 3 min read

Preventing ClickFix Attacks: Safeguarding Against Human Error

ClickFix is an emerging social engineering technique utilized by threat actors to exploit human error. This technique involves misleading users into executing malicious commands under the guise of providing "quick fixes" for common computer issues. Threat actors use familiar platforms and deceptive prompts to encourage victims to paste and run harmful scripts.