Victoria’s Secret website down as company investigates security incident

Women’s fashion brand Victoria’s Secret said it is working to restore operations after experiencing a security incident.

The company did not respond to requests for comment but the victoriassecret.com domain now features a brief message to customers explaining that it has “identified and are taking steps to address a security incident.”

“We immediately enacted our response protocols, third-party experts are engaged, and we took down our website and some in store services as a precaution,” the company said.

“We are working to quickly and securely restore operations. We continue to serve customers in our Victoria’s Secret and PINK stores.”

Cybersecurity experts said the website has displayed the banner for at least three days. On its corporate website, the company published a similar message, noting that it is “working around the clock to fully restore operations.”

Victoria’s Secret is a retailer of bras, panties, lingerie, apparel and more, with 1,380 retail stores across 70 countries and about 30,000 employees. The company reported net sales of $6.2 billion in 2024. 

Victoria’s Secret is just the latest fashion brand to announce a cyberattack in the last month after multiple high-profile incidents. Adidas, Dior, and Tiffany all announced data breaches or security incidents that exposed customer and employee data. 

The incidents prompted the FBI to deliver cyber-intelligence briefings to major retailers over the last month after reports that a well-known group of hackers called Scattered Spider had shifted their focus from attacks on outlets in the U.K. to U.S.-based companies. 

The notices came after multiple attacks on U.K. retailers Marks & Spencer, the Co-op, and luxury retailer Harrods. The group behind these attacks is reported to have attempted to monetize its access to the victims’ networks using the DragonForce ransomware.

"The U.S. retail sector is currently being targeted in ransomware and extortion operations that we suspect are linked to UNC3944, also known as Scattered Spider,” said John Hultquist, chief analyst at Google Threat Intelligence Group. 

“The actor, which has reportedly targeted retail in the U.K. following a long hiatus, has a history of focusing their efforts on a single sector at a time, and we anticipate they will continue to target the sector in the near term. U.S. retailers should take note.”

Hultquist added that the group is “aggressive, creative, and particularly effective at circumventing mature security programs.” 

The group, which previously gained notoriety for its ransomware attacks on casino giants MGM Resorts and Caesars Entertainment, has had significant success with social engineering and leveraging third parties to gain entry to their targets, Hultquist explained.

Cybersecurity experts believe Scattered Spider is an offshoot of a larger criminal organization calling itself “the Community,” or “the Com,” that claimed several major attacks on companies like Coinbase, Riot Games and Reddit.

There were multiple arrests of alleged members in the U.S., U.K. and Europe over the last three years.