Angels Fall: Victoria’s Secret Breach

Summary

Victoria’s Secret experienced a significant security incident in May 2025, disrupting website and in-store services. The company took its website offline and limited in-store operations as a precaution while investigating the incident with external experts. Although the full impact is still being assessed, the incident delayed the company’s Q1 earnings report and highlighted the growing threat of cyberattacks against retailers.

Dont let data threats slow you downTrueNAS offers enterprise-level protection.

** Main Story**

Okay, so, Victoria’s Secret… they’ve had a rough couple of weeks, haven’t they? News broke on May 24th, 2025, that they were hit by a pretty serious cybersecurity breach. And, it’s one of those situations where the full fallout is still unfolding, even now, mid-June. It forced them to take down their U.S. website and mess with some in-store services, which, naturally, made customers pretty unhappy and worried about their data. The company hasn’t exactly been super transparent, but, honestly, it looks like a sophisticated attack. It’s a mess.

What Happened?

Basically, the trouble started on May 24th. Victoria’s Secret, to their credit, seems to have jumped on it quickly, activating their response plans. That meant bringing in outside cybersecurity pros and, the big one, shutting down the U.S. website and some in-store stuff on May 26th. The website was down for about four days – a huge chunk of time when you consider how much online sales matter to them. I actually saw a few people complaining on Twitter about website issues before the 26th, even as early as May 25th, which was around Memorial Day weekend and their sales promotion. So, who knows how long it was brewing. It wasn’t just the website, either. They temporarily stopped things like online order returns in stores, those digital lookups for products, and even loyalty program redemptions. Talk about a disruption.

Internal Chaos and Delayed Earnings

It wasn’t just customers feeling the burn, the employees were in disarray too! Apparently some were locked out of their email accounts, and you can’t exactly get work done if you can’t access internal systems. This really threw a wrench in preparing their first-quarter earnings report, so they had to postpone it. Although early numbers look good, they’re still trying to figure out how much this whole breach is going to cost them, you know, with recovery, fixing the vulnerabilities and everything. Not good.

Retail Under Attack

And here’s the thing: Victoria’s Secret isn’t alone. We’re seeing more and more of these attacks targeting big retailers. Adidas, Dior, The North Face, and even some U.K. stores like Marks & Spencer, Harrods, and Co-op have been hit lately. A lot of these are ransomware attacks, where hackers lock up a company’s systems and demand a ransom. But sometimes it’s even worse, and they steal customer data. Scary stuff. There’s speculation that whoever hit Victoria’s Secret might be connected to the Scattered Spider group; they’re notorious for going after retailers. Remember that Target breach from years ago? Yeah, it feels a bit like that, only maybe even more complex. Makes you wonder, what will they do next?!

What’s Next?

Victoria’s Secret is working on it, but this should be a wake-up call for everyone in retail. They need to have really strong cybersecurity measures and be ready for increasingly sophisticated attacks. The full damage to Victoria’s Secret is still being investigated, and we’ll probably see the effects for months. As of today, their website’s back up, but who knows what the long-term impact on their reputation and bottom line will be? As consumers, we also need to be careful online and keep an eye on our accounts. You know, the usual stuff, but it’s worth repeating: use strong passwords, be careful about clicking links, and all that. It’s a jungle out there, and you can’t be too careful. And honestly, after this, I may wait a beat before doing any shopping with them online.