Victoria’s Secret has had to temporarily shut down its website due to a security issue that is still under investigation. Although the online store and some services are currently unavailable, the good news is that Victoria’s Secret and PINK physical stores continue to operate normally.
In case you were wondering, this fashion brand has a global presence: it operates around 1,380 stores in nearly 70 countries and reported over \$6 billion in revenue in its most recent fiscal year, which ended in February 2025. In the message that appears when attempting to access the site, the company states that it is working to return soon and thanks its customers for their patience.
What’s Going On with the Victoria’s Secret Website?
"Hi, we want to share what’s happening. We recently detected a security issue and, as a precaution, decided to temporarily shut down our website and some in-store services. We know this may cause inconvenience, but we did it to protect both your information and our company’s.
Our team (alongside external security experts) is already working at full speed to understand exactly what happened and to restore everything as soon as possible. We’re still assessing the impact, but for now, we can tell you that our Victoria’s Secret and PINK physical stores remain open and operating normally.
We understand that this situation may raise questions or concerns, and we truly appreciate your patience and understanding as we work through it. Additionally, our CEO, Hillary Super, shared with the internal team that the recovery process will take some time, but we’re committed to doing it right and doing it safely. Thank you for trusting us. We’ll be back soon—better and more secure than ever."
Victoria’s Secret Website (Source: BleepingComputer)
It Hasn’t Been a Good Month for Major Brands
Just a couple of weeks ago, Dior (the iconic French luxury brand) confirmed it had suffered a cybersecurity incident. Apparently, unknown attackers gained access to customer data from its fashion and accessories division.
Shortly after, Adidas also announced it had experienced a data breach. In that case, the attackers infiltrated through a customer support provider and managed to steal information from some of its users.
These are not isolated incidents. In recent months, several retailers in the UK have been targeted by similar attacks. Among them are Harrods, Co-op, and Marks & Spencer. The latter, in fact, is facing a potential financial hit of up to £300 million (around $402 million) due to disruptions in its operations and sales.
Although it’s still unclear whether all these attacks are connected, there are signs pointing to a ransomware group called DragonForce, which has claimed responsibility for at least three of the cases. Additionally, it was discovered that the attackers used social engineering tactics very similar to those employed by a group known as Scattered Spider.
To make matters worse, Google warned last week that Scattered Spider has also begun targeting retailers in the United States, combining ransomware with digital extortion.
