Victoria’s Secret resumes e-commerce following security incident
The Victoria’s Secret & Co. e-commerce site is operational again after it was temporarily shut down in the wake of an apparent cyberattack.
From Wednesday, May 28 – Thursday, May 29, the lingerie giant’s e-commerce site featured a short message to customers against a pink background:
"Valued customer, we identified and are taking steps to address a security incident," the retailer said on its site. "We have taken down our website and some in store services as a precaution. Our team is working around the clock to fully restore operations. We appreciate your patience during this process."
However, as of Friday, May 30, the Victoria’s Secret website was back up with links to browse products and make purchases. The company’s Victoria’s Secret and Pink brick-and-mortar stores remained open during the site shutdown.
The company has not issued any further clarifications about what exactly happened that made it temporarily cease e-commerce operations. However, a corporate spokesperson told Bleeping Computer that Victoria’s Secret is investigating the unspecified incident with the help of third-party experts.
"We immediately enacted our response protocols, third-party experts are engaged, and we took down our website and some in store services as a precaution,” the spokesperson said. “We are working to quickly and securely restore operations.”
In addition, Bloomberg reported that Victoria’s Secret CEO Hillary Super said "recovery is going to take a while" in an internal memo sent to company employees.
[READ MORE: Victoria’s Secret adopts poison pill to keep Australian investor at bay]
In emailed commentary to Chain Store Age, Ryan Sherstobitoff, senior VP of threat research & intelligence at security services and solutions provider SecurityScorecard, said the incident demonstrates security can no longer be a "back burner" issue for retailers.
"Retailers have become high-value targets for cybercriminals, and recent breaches at Dior, Marks & Spencer, Harrods, and Co-Op in the last month alone make it clear that this is more than just a passing trend," said Sherstobitoff. "These attacks are not isolated events; they represent a growing pattern exposing a deeper, systematic vulnerability within the retail industry."
Shersobitoff also said that retailers need to be aware they operate in data-rich environments, handling personally identifiable information, loyalty data, and often payment credentials.
“A proactive, multi-layered cybersecurity strategy is essential—one that extends beyond internal systems to include continuous monitoring of the entire external attack surface, including third-party vendors and the broader supply chain," he said.
Google recently issued a public warning on NBC News that an organized cybercrime ring which has been targeting U.K. retailers such as Marks & Spencer and Harrods would likely begin attacking U.S. retailers’ technology networks.
