.png)
19 hours ago
26
Image: Rowanlovescars (CC BY-SA 4.0)
Fashion giant Victoria's Secret has taken down its website and some store services because of an ongoing security incident.
Victoria's Secret manages approximately 1,380 retail stores in nearly 70 countries and reported an annual revenue of $6.23 billion for the fiscal year ending February 1, 2025.
The company says in a message on its website that its Victoria's Secret and PINK stores remain open while operations are being restored.
Hillary Super, the retailer's chief executive officer, also told employees that "Recovery is going to take awhile," in a note sent to employees and seen by Bloomberg News.
A company spokesperson has yet to reply after BleepingComputer asked for more details, including whether the incident resulted from a ransomware attack and whether Victoria's Secret received a ransom demand.
"Valued customer, we identified and are taking steps to address a security incident. We have taken down our website and some in store services as a precaution," it says.
"Our team is working around the clock to fully restore operations. We appreciate your patience during this process."
Victoria’s Secret website (BleepingComputer)Two weeks ago, French luxury fashion brand Dior disclosed another cybersecurity incident after unknown attackers accessed data on some Dior Fashion and Accessories customers.
German sportswear giant Adidas also revealed a data breach last week after threat actors who hacked a customer service provider stole some of its customers' data.
These incidents follow a series of other attacks targeting retailers across the United Kingdom over the last several months, including Harrods, Co-op, and Marks & Spencer.
Marks & Spencer is now bracing for a potential profit hit of up to £300 million (approximately $402 million) after the breach led to widespread sales and operational disruptions.
Although it's unclear whether these attacks are connected, the DragonForce ransomware operation has claimed responsibility for all three incidents. BleepingComputer also discovered that the attackers had employed social engineering tactics associated with the Scattered Spider threat actors.
Last week, Google warned that Scattered Spider is now also targeting retailers in the United States in ransomware and extortion operations.
