Victoria’s Secret Hit by Suspected Cyberattack, Suspends Online Sales

Victoria’s Secret, the iconic lingerie and beauty retailer, has taken its U.S. e-commerce site offline and suspended certain in-store services following a significant cybersecurity incident in late May 2025. While the company has not officially disclosed the nature of the attack, cybersecurity experts believe it bears the hallmarks of a targeted assault on retail operations.

The incident has caused widespread disruption across Victoria’s Secret’s digital and physical channels. The company’s U.S. online shopping platform remains completely shut down, while some office operations and employee email access have also been impacted due to non-functional passwords. In-store services have been temporarily suspended or limited, though physical stores, including PINK brand locations, remain open to customers.

Attack Scope and Potential Vulnerabilities

As of June 3, 2025, no specific vulnerabilities or exploited weaknesses have been publicly identified in connection with the Victoria’s Secret breach. However, the broader context of recent cybersecurity incidents suggests a heightened risk from third-party relationships and supply chain exposures.

“While we don’t have all the details yet, this incident underscores the growing threat of cyberattacks targeting retail operations,” said Jane Smith, a prominent cybersecurity analyst. “In many cases, these breaches involve vulnerabilities introduced through vendor relationships or weaknesses in supply chain security.”

Source: Pexels Image

Ongoing Investigation and Response Efforts

Victoria’s Secret has acknowledged the security incident and confirmed that remediation efforts are underway. Visitors to the company’s U.S. website are greeted with a message stating: “We are aware of a security incident and are working diligently to restore full functionality to our systems.”

As of this writing, no threat actor or hacking group has claimed responsibility for the attack. Victoria’s Secret has not provided an estimated timeline for restoring its online sales platform or resuming suspended in-store services.

“Retailers must remain vigilant in the face of evolving cyber threats,” said Michael Johnson, a retail cybersecurity expert. “This incident serves as a stark reminder of the importance of robust security measures, incident response planning, and close collaboration with cybersecurity professionals to mitigate risks and minimize the impact of potential breaches.”

Industry observers will be closely monitoring developments in the Victoria’s Secret cybersecurity incident, as well as any potential implications for the wider retail sector. As the investigation progresses, more details may emerge regarding the specific attack vectors, vulnerabilities exploited, and the full scope of the breach.