Two lawsuits were filed this week in federal court against Belk for a data breach and then for allegedly concealing the cyberattack.

In both cases, the plaintiffs are also seeking certification for class-action suits.

Belk failed to protect sensitive personal current and former employee and customer information, according to the lawsuits, and has yet to provide information or details about the data breach that occurred sometime between May 7 and May 11.

In both cases, the plaintiffs seek monetary damages and demand a jury trial.

Belk did not immediately respond to requests for comment about the lawsuits Thursday.

Last month, all Belk department stores had a computer “system shutdown,” The Charlotte Observer reported on May 19. Belk had not publicly shared information about the system problems, and company officials have not respond to repeated requests for comment.

The 136-year-old Charlotte-based department store chain has nearly 300 stores in 16 Southeast states.

Claims in the first lawsuit

The first case was filed Monday by Andrew Davis of Kings Mountain and a former employee related to the data breach.

Cyber criminals accessed and stole internal documents from Belk’s systems, including names and Social Security numbers, according to the lawsuit.

Belk disclosed the breach in a June, 5, 2025, letter to the New Hampshire Attorney General, but has “failed to notify victims in a timely and transparent way,” according to the lawsuit.

Personal information for one New Hampshire resident was accessed by an unauthorized third party, Belk’s attorney Peter Carey said in a letter attached to the lawsuit.

Belk discovered the incident on May 8, according to a notice of data breach that would be sent to the resident.

“Belk was the victim of a cyber incident in which an unauthorized third party gained access to certain corporate systems,” the company said in the notice. “We took immediate steps in response to the incident to stop the unauthorized access and secure our systems. We also conducted a thorough investigation, which included our full cooperation with law enforcement.”

Belk also said “the investigation of the potentially affected data is ongoing.”

Belk’s attorney did not immediately respond to requests for comment Thursday..

Attorneys with Milberg Coleman Bryston Phillips Grossman in Raleigh and Coral Gables, Florida, and Federman and Sherwood in Oklahoma City and Dallas represent the plaintiff.

Claims in the other suit

The second case was filed Tuesday by Andrea Larson of Charlotte related to a data breach exposing Social Security numbers of Belk’s employees due to “inadequate cybersecurity measures,” according to the lawsuit.

Owens says her data was among the stolen and that she has since been targeted with phishing attempts and suspicious account alerts, including attempts to access a Coinbase account that she did not open, according to the lawsuit.

Attorneys with Milberg Coleman Bryston Phillips Grossman in Raleigh, and Stranch, Jennings and Garvey in Nashville, Tennessee, represent the plaintiff.

According to both lawsuits, Belk failed to follow Federal Trade Commission guidelines and did not implement reasonable cybersecurity safeguards, left data unencrypted and vulnerable, and knew about cybersecurity threats and failed to act responsibly.

As a result, the plaintiffs and potential class members must closely monitor their financial accounts long-term for fraud and identity theft, according to the lawsuits.

©2025 The Charlotte Observer. Visit at charlotteobserver.com. Distributed by Tribune Content Agency, LLC.