The popular U.S. department store chain Belk is under scrutiny following a cyberattack that may have compromised sensitive customer information. The Belk data breach has drawn attention, particularly after the hacking group DragonForce claimed responsibility for attack. According to the law firm Schubert Jonckheer & Kolbe LLP, which is actively investigating the data breach, Belk identified unauthorized access to its network between May 7 and 11, 2025.
The data breach at Belk prompted an immediate internal response: the company disconnected affected systems, restricted access across its networks, reset passwords, and rebuilt compromised systems. These actions caused noticeable operational disruptions for several days.
Despite the data breach being detected in early May, Belk did not begin notifying potentially affected individuals until around June 5, 2025.
What Data Was Compromised in Belk Data Breach?
The scope of the data breach appears serious. Reports indicate that the following types of personal information may have been exposed:
- Full names
- Dates of birth
- Residential addresses
- Social Security numbers
- Phone numbers
- Email addresses
- Details of customer orders, including purchased items
This combination of data puts affected individuals at high risk for identity theft, fraud, and other forms of privacy violations.
Adding to the tension further, the hacking collective DragonForce has claimed credit for the cyberattack on Belk. The group, previously responsible for an attack on UK retailer Marks & Spencer, listed Belk as one of its victims on its DarkForce dark web blog.
Legal and Consumer Action
In response to the Belk data breach, the legal firm Schubert Jonckheer & Kolbe LLP is evaluating the possibility of a class action lawsuit. The firm suggests that impacted individuals may be eligible for monetary compensation and injunctive relief, including mandatory changes to Belk’s cybersecurity practices.
“If your personal information was impacted by this incident, you may be at risk of identity theft and other serious violations of your privacy,” the firm stated in a public notice. Consumers who received a breach notification or believe their data may have been affected are encouraged to seek legal guidance through ClassActionLawyers.com.
Conclusion
The Cyber Express has reached out to Belk to learn more about this incident. However, at the time of writing this, no official statement or response had been received. This is an ongoing story, and The Cyber Express is closely monitoring the situation. We will update this post once we have more data on the Belk data breach or any additional information from the company.
The company’s June 2025 breach notification to the New Hampshire Attorney General acknowledged “unauthorized access to certain corporate systems and data,” but stopped short of connecting the incident to the DragonForce claims.
