HQ/EMEAFind out how we can help your business
Victoria’s Secret has completely restored its core systems following a cybersecurity incident on May 24. The compromise caused the company to shut down its corporate infrastructure and e-commerce website temporarily.
The company operates around 1,380 retail shops in roughly 70 countries with net sales of $1. 353 billion for the first quarter of 2025, with an annual revenue expectation of up to $6 billion.
Victoria’s Secret revealed it had already addressed the issue in its latest filing.
In a recent filing with the US SEC, Victoria’s Secret announced that all affected systems are now operational. The organisation is collaborating with external service providers to assess the scope and impact of the incident.
Despite ongoing recovery efforts, Victoria’s Secret said it does not expect the incident to impact its fiscal performance this year substantially.
Moreover, response processes were swiftly implemented to limit and eliminate unauthorised access. External expertise was invited to help with the recovery process. The corporation highlighted that operations have not been significantly disrupted and that fiscal year 2025 estimates remain intact.
Following the initial notification of the problem, Victoria’s Secret announced that it had suspended numerous internal systems and in-store services, including its e-commerce platform, on May 26 as a precaution. A firm spokesman told a news source that restoration operations were ongoing and that external experts had been summoned to investigate the incident.
The affected company announced on June 3 that it had to postpone presenting its first-quarter financial results due to limited access to crucial systems and data. Due to a system failure, employees could not complete financial reports for the May 3, 2025, quarter, resulting in a delayed earnings announcement and webcast.
As of the reporting time, Victoria’s Secret has not provided the media with any additional information about specific components of the attack. Furthermore, no known ransomware gangs have claimed responsibility for the intrusion.
