Introduction

Victoria’s Secret is currently managing a significant cybersecurity incident that has disrupted its IT infrastructure, leading to outages on its US e-commerce website and affecting online orders. This incident has posed substantial operational challenges for the company, impacting digital sales and internal systems during a critical period.

Description

Victoria’s Secret confirmed that the incident began on May 28, 2025, rendering the Victoria’s Secret and PINK websites unavailable for over 14 hours and prompting the temporary shutdown of select in-store services, including digital lookups, loyalty redemptions [4], and backend order processing [4], as a precaution [1] [3] [5] [7] [9] [10] [12]. Visitors to the site are currently met with a black screen displaying the company’s statement regarding the situation [5]. In response, Victoria’s Secret activated its incident response protocols [3] [5], engaging third-party cybersecurity experts for investigation and remediation [8], and has informed law enforcement while preparing to notify regulatory bodies if data exposure is confirmed.

While physical stores remain operational [3], this disruption has halted digital sales, which generated $2 billion in revenue during 2024, accounting for about a third of the company’s annual sales [5]. The incident has restricted employee access to internal systems [6], contributing to operational challenges during a critical period for the retailer, which operates approximately 1,350 stores across 70 countries and is undergoing a corporate turnaround focused on inclusivity and store revamps. The company has displayed a customer notice on its website regarding the security incident, indicating that it is working diligently to restore operations [12]. CEO Hillary Super has stated that recovery efforts may take considerable time, with customer care and some distribution center functions currently paused [8].

Although the nature of the attack has not been definitively disclosed, initial discussions suggest a potential ransomware threat or an SQL injection attack, as the company works to contain the attack and prevent the exfiltration of sensitive customer data [1]. Security experts have indicated that the operational disruption pattern points to a sophisticated multi-stage attack, aligning with known cybercriminal tactics of targeting organizations during public holidays to maximize the potential for successful compromise [8]. Concerns have been raised that personal information and payment details may have been compromised, although Victoria’s Secret has not confirmed this and is required to file a formal disclosure if the incident is deemed material [6].

Customers began reporting issues with the website as early as May 28 [11], and the company is working to fulfill orders placed before that date while extending return windows for affected customers [11]. Additionally, some employees experienced lockouts from their company email accounts [11], and operations in customer care and distribution centers have been paused [6]. The breach has caused significant disruptions to online orders, customer service systems [2] [12], and internal communications [2], and Victoria’s Secret shares closed down nearly 7% following the breach disclosure. Customers have expressed frustration on social media regarding their inability to check order statuses and the lack of customer service response [12].

In light of this incident, customers are advised to monitor their account activity for unusual transactions and consider changing their passwords [9], especially if they are reused across different sites [9]. Experts caution that cybercriminals may exploit the situation to send fraudulent communications [9], urging vigilance in verifying the authenticity of any emails or messages claiming to be from Victoria’s Secret [9]. This incident is part of a broader trend of cyberattacks affecting various retailers [8] [11], including recent breaches reported by companies like Adidas [11], Marks & Spencer [8] [10] [11], Co-op [8], and Harrods [8] [10], attributed to the Scattered Spider cybercriminal collective [8]. The identity of the perpetrators in this incident remains unknown [7], but that collective’s methodology typically involves social engineering [8], credential harvesting [8], and deploying ransomware that encrypts both Windows and Linux systems [8]. Richard Blech [5], CEO of AI security firm XSOC Corp. [5], noted that hackers are well-resourced and ahead of the game [5], indicating a critical failure in digital trust [5], as many retailers remain unprepared for such attacks due to reliance on third-party cybersecurity services [5].

Conclusion

The cybersecurity incident at Victoria’s Secret underscores the vulnerabilities faced by retailers in the digital age. The disruption has not only affected the company’s sales and operations but also highlighted the need for robust cybersecurity measures. As the company works to mitigate the impact and restore services, this incident serves as a reminder of the importance of preparedness and vigilance in the face of evolving cyber threats. Future implications include the potential for increased regulatory scrutiny and the necessity for retailers to enhance their cybersecurity infrastructure to protect against sophisticated attacks.

References

[1] https://www.techradar.com/pro/security/victorias-secret-laid-bare-after-security-incident-takes-down-systems
[2] https://www.cybersecurityintelligence.com/blog/significant-breach-disrupts-victorias-secret-8471.html
[3] https://techcrunch.com/2025/05/28/victorias-secret-hit-by-outages-as-it-battles-security-incident/
[4] https://www.exploitone.com/data-breach/victorias-secret-hit-by-cyberattack-heres-what-theyre-not-telling-you/
[5] https://www.cnn.com/2025/05/28/business/victorias-secret-website-down-security-incident
[6] https://cyberinsider.com/victorias-secret-shuts-down-website-and-store-systems-following-cyberattack/
[7] https://www.nbcnews.com/tech/security/victorias-secret-takes-website-security-incident-rcna209682
[8] https://cybersecuritynews.com/victorias-secret-website-went-offline/
[9] https://www.forbes.com/sites/daveywinder/2025/05/29/victorias-secret-lingerie-site-down—security-incident-cited/
[10] https://www.fingerlakes1.com/2025/05/29/victorias-secret-website-breach/
[11] https://www.cbsnews.com/news/victorias-secret-us-website-dark-security-incident/
[12] https://www.bbc.com/news/articles/cwy6l5573jyo