Article Details
Scrape Timestamp (UTC): 2025-05-29 00:35:18.427
Source: https://www.theregister.com/2025/05/29/victoria_secrets_outage/
Original Article Text
Click to Toggle View
Victoria's Secret website laid bare for three days after 'security incident'. Knickers outlet knackered. Underwear retailer Victoria's Secret’s website has been down for three days, with the company blaming an unspecified security problem. "We identified and are taking steps to address a security incident," a spokesperson told The Register. "We immediately enacted our response protocols, third-party experts are engaged, and we took down our website and some in-store services as a precaution. We are working to quickly and securely restore operations." As of 5.30 pm San Francisco time on Wednesday, the website displays a similar message on a pink background - and nothing else. The company declined to respond to our questions about a possible ransomware infection, the timeline of the problems, or whether it has asked police to investigate. A spokesperson did confirm that its 800-plus real-world stores are open and operating as normal. That means the company can accept payments, suggesting this security incident impacts other systems. According to the retailer’s most recent annual report its online arm brought in just over $2 billion last year and accounted for around a third of its revenue. The situation has therefore spooked investors, who sent the company’s stock price down almost seven percent on Wednesday. This is exactly the kind of scenario that digital extortionists like because it puts extra pressure on the victim to pay up. The timing of the shutdown is also interesting. Attackers are known to hit their targets on public holidays like Monday’s US Memorial Day, as IT departments are short-staffed and therefore less able to mount a defense. Retailers have had rotten time of it lately on the cyber-safety front. In the last six weeks three major UK retail chains - Marks and Spencer, Harrods, and the Co-op - have all suffered attacks. In the case of Marks and Spencer the company reports that online operations are still being disrupted and warned investors that the cost of the incident was now £300 million ($404 million). Earlier this month, Google’s infosec outfit Mandiant warned that some threat groups, including Scattered Spider, are moving against US retailers after scoring successes in the UK. We'll update this piece if Victoria’s Secret provides more details.
Daily Brief Summary
Victoria's Secret's website has been offline for three days due to a security issue, impacting both online and some in-store services.
The company has enlisted third-party experts and initiated response protocols to address the incident while securing their systems.
Despite the online disruptions, over 800 physical stores remain open, indicating isolated impacts on specific operational systems.
The significance of the online platform is highlighted by its substantial revenue generation, accounting for about one-third of the company’s total revenue.
The unavailability of the website has led to a nearly 7% drop in stock price as investors react nervously to the outage and potential financial implications.
Specific details about the nature of the incident, such as whether it involves ransomware, are still unspecified as the company refrains from commenting on investigative details.
The timing of the attack coincides with US Memorial Day, exploiting reduced staffing levels typically seen during public holidays.
Recent similar cyber attacks have targeted major UK retailers, underscoring an ongoing threat wave against the retail sector globally.