securityweek.com - DragonForce says it stole more than 150 gigabytes of data from US department store chain Belk in a May cyberattack
The DragonForce ransomware gang has claimed responsibility for a disruptive cyberattack on US department store chain Belk.
The incident was identified on May 8 and prompted Belk to disconnect affected systems, restrict network access, reset passwords, and rebuild impacted systems, which disrupted the chain’s online and physical operations for several days. The company’s online store is still offline at the time of publication.
Belk’s investigation into the attack determined that hackers had access to its network between May 7 and May 11, and that they exfiltrated certain documents, including files containing personal information.
In a data breach notification submitted to the New Hampshire Attorney General’s Office, Belk said at least names and Social Security numbers were compromised in the attack.
The company is providing the impacted individuals with 12 months of free credit monitoring and identity restoration services, which also include up to $1 million identity theft insurance.
The company has not named the group responsible for the attack, but the DragonForce ransomware gang has claimed the incident on Monday, adding Belk to its Tor-based leak site.
The FBI’s takedown of the LockBit ransomware group last week came as LockBit was preparing to release sensitive data stolen from government computer systems in Fulton County, Ga. But LockBit is now regrouping, and the gang says it will publish the stolen Fulton County data on March 2 unless paid a ransom. LockBit claims the cache includes documents tied to the county’s ongoing criminal prosecution of former President Trump, but court watchers say teaser documents published by the crime gang suggest a total leak of the Fulton County data could put lives at risk and jeopardize a number of other criminal trials
Three different cybercriminal groups claimed access to internal networks at communications giant T-Mobile in more than 100 separate incidents throughout 2022, new data suggests. In each case, the goal of the attackers was the same: Phish T-Mobile employees for access to internal company tools, and then convert that access into a cybercrime service that could be hired to divert any T-Mobile user’s text messages and phone calls to another device.
