Victoria’s Secret & Co. has taken its website offline and suspended select in-store services following what the company describes as a “security incident” that began over the Memorial Day weekend.
The lingerie retailer’s website displays only a black screen with a message stating the company has “identified and are taking steps to address a security incident” and has “taken down our website and some in store services as a precaution”.
The disruption has persisted for three days, with reports indicating the outage began as early as Monday during a Memorial Day sale promotion.
Security Breach Disrupts Operations and Systems
The cybersecurity incident has significantly impacted Victoria’s Secret’s digital infrastructure, with employees reportedly locked out of their email accounts and passwords failing to work.

The company immediately enacted its incident response protocols and engaged third-party cybersecurity experts to investigate and remediate the breach.
CEO Hillary Super reportedly informed employees that recovery operations would take considerable time, while customer care operations and some distribution center functions have been halted.
The timing of the attack aligns with known cybercriminal tactics of targeting organizations during public holidays when IT departments are typically short-staffed and less able to mount effective defenses.
This strategic timing maximizes the potential for successful initial compromise and lateral movement within target networks before detection.
The company has not disclosed whether the incident involves ransomware deployment, data exfiltration, or other specific attack vectors, though security experts note the operational disruption pattern suggests a sophisticated multi-stage attack.
Victoria’s Secret’s incident occurs amid an unprecedented wave of cyberattacks targeting major retailers globally.
Recent months have witnessed significant breaches affecting Marks & Spencer, Co-op, and Harrods in the UK, with security researchers attributing many of these attacks to the Scattered Spider cybercriminal collective (also tracked as UNC3944, Octo Tempest, and Muddled Libra).
Google’s Threat Intelligence Group has warned that this English-speaking hacking group, primarily composed of young adults from the US and UK, has pivoted from targeting UK retailers to focusing on US retail chains.
The attackers have demonstrated proficiency in deploying DragonForce ransomware on VMware ESXi hosts, dumping credentials with tools like Mimikatz (MITRE ATT&CK T1003.001 – LSASS Memory), and performing network reconnaissance with port scanning utilities such as SoftPerfect Network Scanner.
Their attack methodology typically involves initial compromise through social engineering targeting IT helpdesks, followed by credential harvesting, lateral movement across Active Directory environments, and eventual deployment of ransomware payloads that encrypt both Windows and Linux systems.
The security incident has triggered immediate financial consequences for Victoria’s Secret, with shares falling approximately 7% on Wednesday following disclosure of the breach.
The decline reflects significant investor concern: digital sales accounted for $2 billion in revenue during 2024, roughly one-third of the company’s total revenue.
The operational disruption threatens to impact the retailer’s financial performance during a critical sales period.
Victoria’s Secret operates approximately 1,350 retail stores across 70 countries, with its physical locations remaining operational despite the digital infrastructure compromise.
The company has confirmed that both Victoria’s Secret and PINK store locations continue serving customers, though some in-store digital services remain affected.
Security analysts note that the extended duration of the outage suggests either extensive system compromise requiring comprehensive rebuilding, or ongoing negotiations in a potential ransomware scenario, though the company has not confirmed payment of any ransom demands.
The incident underscores the critical vulnerability of retail organizations heavily dependent on e-commerce platforms and highlights the evolving sophistication of cybercriminal operations targeting consumer-facing businesses during peak shopping periods.