Pierluigi Paganini May 29, 2025

Victoria’s Secret took its website offline after a cyberattack, with experts warning of rising threats against major retailers.

American lingerie, clothing, and beauty retailer Victoria’s Secret took its website offline following a cyberattack. At this time, the site shows the following message:

“Valued customer, we identified and are taking steps to address a security incident. We have taken down our website and some in store services as a precaution. Our team is working around the clock to fully restore operations. We appreciate your patience during this process. In the meantime, our Victoria’s Secret and PINK stores remain open and we look forward to serving you.”

The cyber attack impacted customer care operations and some distribution center operations, according to a note seen by Bloomberg.

“Recovery is going to take awhile,” said Hillary Super, the lingerie retailer’s CEO, in a note to employees seen by Bloomberg News.

Victoria’s Secret faced a cyberattack on Wednesday, locking some staff out of their email. The company shut down its website and responded to the incident with the help of external experts. After the security incident company’s shares dropped 6.9%.

The company did not provide technical details about the attack.

In recent weeks, major brands like Dior and Adidas have reported data breaches, with hackers stealing customer information. These follow a wave of cyberattacks on UK retailers, including Co-op, Marks & Spencer and Harrods. Marks & Spencer now face a potential £300M loss. The DragonForce ransomware group claimed responsibility, using tactics tied to the Scattered Spider gang, which is now also hitting U.S. retailers, according to Google.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Victoria’s Secret)