Victoria’s Secret restores critical systems after cyberattack
Victoria’s Secret has restored all critical systems impacted by a May 24 security incident that forced it to shut down corporate systems and the e-commerce website.
The company operates around 1,380 retail stores in nearly 70 countries and has reported net sales of $1.353 billion for the first quarter of 2025, with a forecasted net sales range of up to $6.3 billion for the year.
In a Thursday filing with the U.S. Securities and Exchange Commission, the company disclosed that all restored critical systems are now fully operational and that it’s working with external experts to assess the cyberattack’s impact.
It also believes the incident will likely have no material impact on its yearly fiscal results, even though it may continue to incur expenses related to the attack.
“We immediately enacted our response protocols to contain and eradicate unauthorized network access, and third-party experts were engaged. All critical systems are restored and fully operational,” Victoria’s Secret said.
“We continue to assess the full scope and impact of the incident. This incident has not caused a material disruption to our operations to date and we do not believe it will have a material impact to our fiscal year 2025.”
Quarterly earnings release delayed
As the company revealed after disclosing the incident last month, it was forced to take down corporate systems, some in-store services, and the e-commerce website as a precaution on May 26.
A Victoria’s Secret spokesperson told BleepingComputer that the fashion retail giant was working to restore operations and had hired external experts to investigate the breach.
In a June 3 press release, Victoria’s Secret added that it had to postpone releasing financial results for the first quarter because systems needed during this process were unreachable after the attack.
“The restoration process has prevented employees from accessing certain systems and information needed to support the Company’s release of its financial results for the first quarter ended May 3, 2025,” it stated. “As a result, the Company is postponing the date of its previously announced first quarter 2025 earnings release and earnings call webcast.”
Victoria’s Secret didn’t reply to an email from BleepingComputer requesting more details on the nature of the incident, and no ransomware operations have claimed responsibility for the attack since then.
This security incident follows a series of attacks targeting other fashion companies in recent weeks, including French luxury fashion brands Cartier and Dior. German sportswear giant Adidas was also breached last month, with the threat actors stealing some of its customers’ data after hacking into a customer service provider’s systems.
Starting in April, a campaign linked to Scattered Spider threat actors and the DragonForce ransomware gang has also targeted multiple retailers across the United Kingdom, including Marks & Spencer, Co-op, and Harrods.
Patching used to mean complex scripts, long hours, and endless fire drills. Not anymore.
In this new guide, Tines breaks down how modern IT orgs are leveling up with automation. Patch faster, reduce overhead, and focus on strategic work — no complex scripts required.
Source link
