HQ/EMEAFind out how we can help your business
Victoria’s Secret allegedly shut down its website and halted parts of its in-store services due to a cybersecurity incident.
The global fashion retailer, which operates approximately 1,380 stores in nearly 70 countries and reported £6.23 billion in revenue for the fiscal year, has not provided specific details about the incident’s nature.
However, sources indicate that while digital services are temporarily unavailable, the Victoria’s Secret and PINK stores continue to welcome customers.
A notice on the company’s website informed visitors of a detected security event and indicated that temporary safety measures were being implemented.
Reports suggest the company mentioned that the website and certain in-store services were disabled during recovery efforts. On the other hand, customers were advised that the internal team was working diligently to restore services and were thanked for their patience during this disruption.
The company admitted that it already employed an external service provider to aid in the investigation. A representative also noted that standard response protocols were activated immediately, focusing on restoring secure operations.
Additionally, an internal memo reportedly sent to employees suggested that complete recovery could take some time.
Victoria’s Secret is the latest high-profile entity that suffered a cybersecurity issue this year.
This incident at Victoria’s Secret follows a series of similar breaches impacting other global retail brands.
Recently, Dior revealed unauthorised access to customer data, and a major sportswear company disclosed that cyber criminals had obtained data through a third-party service provider.
Retailers in the UK have also faced a rise in cyberattacks in recent months, with several well-known brands encountering operational disruptions. One retailer is reportedly preparing for losses of up to £300 million (approximately $402 million) due to a breach that resulted in significant service outages.
While no formal connection between these incidents has been established, a ransomware group has taken credit for several attacks. Analysts have observed that the tactics used in these incidents bear similarities to those employed by a threat actor known for sophisticated social engineering techniques.
Recent advisories have also warned that this group is now targeting U.S.-based retailers as part of a broader expansion of ransomware and extortion campaigns.
