Article Details
Scrape Timestamp (UTC): 2025-05-29 11:33:40.724
Original Article Text
Click to Toggle View
Victoria’s Secret takes down website after security incident. Image: Rowanlovescars (CC BY-SA 4.0) Fashion giant Victoria's Secret has taken down its website and some store services because of an ongoing security incident. Victoria's Secret manages approximately 1,380 retail stores in nearly 70 countries and reported an annual revenue of $6.23 billion for the fiscal year ending February 1, 2025. The company says in a message on its website that its Victoria's Secret and PINK stores remain open while operations are being restored. Hillary Super, the retailer's chief executive officer, also told employees that "Recovery is going to take awhile," in a note sent to employees and seen by Bloomberg News. A company spokesperson has yet to reply after BleepingComputer asked for more details, including whether the incident resulted from a ransomware attack and whether Victoria's Secret received a ransom demand. "Valued customer, we identified and are taking steps to address a security incident. We have taken down our website and some in store services as a precaution," it says. "Our team is working around the clock to fully restore operations. We appreciate your patience during this process." Two weeks ago, French luxury fashion brand Dior disclosed another cybersecurity incident after unknown attackers accessed data on some Dior Fashion and Accessories customers. German sportswear giant Adidas also revealed a data breach last week after threat actors who hacked a customer service provider stole some of its customers' data. These incidents follow a series of other attacks targeting retailers across the United Kingdom over the last several months, including Harrods, Co-op, and Marks & Spencer. Marks & Spencer is now bracing for a potential profit hit of up to £300 million (approximately $402 million) after the breach led to widespread sales and operational disruptions. Although it's unclear whether these attacks are connected, the DragonForce ransomware operation has claimed responsibility for all three incidents. BleepingComputer also discovered that the attackers had employed social engineering tactics associated with the Scattered Spider threat actors. Last week, Google warned that Scattered Spider is now also targeting retailers in the United States in ransomware and extortion operations. Top 10 MITRE ATT&CK© Techniques Behind 93% of Attacks Based on an analysis of 14M malicious actions, discover the top 10 MITRE ATT&CK techniques behind 93% of attacks and how to defend against them.
Daily Brief Summary
Victoria's Secret has temporarily shut down its website and certain in-store services due to a security incident.
The fashion retailer operates around 1,380 stores globally and reported annual revenues of $6.23 billion for the fiscal year ending February 2025.
Stores under the Victoria's Secret and PINK brands remain open as the company works to restore full operations.
CEO Hillary Super communicated to employees that the recovery process from the incident would be prolonged.
Specific details regarding the nature of the cyberattack, such as whether it involved ransomware or if a ransom was demanded, have not been confirmed.
The incident at Victoria's Secret is part of a larger trend, following recent cybersecurity breaches at other major retailers like Dior and Adidas.
Recent attacks against UK retailers like Harrods, Co-op, and Marks & Spencer have been linked to the DragonForce ransomware group, with indications of similar tactics being used in the US.