The Victoria’s Secret security incident has sent shockwaves through the retail world, with the lingerie giant’s U.S. website and app down since Monday, May 26, 2025. Shoppers trying to browse the latest collections or snag Memorial Day deals were met with a black screen and a brief message acknowledging a “security incident.” The company has suspended online operations and some in-store services, leaving customers frustrated and sparking speculation about a possible data breach or ransomware attack. As the outage stretches into its third day, here’s what we know about this unfolding situation and its impact on the iconic brand.
The Scope of the Victoria’s Secret Security Incident
Victoria’s Secret confirmed the issue on Wednesday, May 28, stating they identified a security problem and immediately enacted response protocols. They’ve engaged third-party experts to investigate and have taken the drastic step of shutting down their U.S. website and app. Some office operations, including employee email access, have also been halted, with corporate staff told to avoid company technology and stay home Tuesday and Wednesday. Physical Victoria’s Secret and PINK stores remain open, but certain in-store services, like online order processing, are disrupted. The company’s shares dropped 7% on Wednesday, closing at $20.99, reflecting investor concerns about the incident’s financial toll.
The timing couldn’t be worse. The outage began during the Memorial Day weekend, a peak sales period for retailers. With e-commerce accounting for roughly a third of Victoria’s Secret’s $2 billion in revenue last year, this disruption is a significant blow. Store associates have given mixed estimates, suggesting the website could be down for another one to two days, potentially totaling a four-to-five-day outage. The lack of clear communication from the company has fueled customer frustration and uncertainty.
Why the Victoria’s Secret Security Incident Raises Concerns
Speculation is rife about the nature of this security incident. Social media posts, particularly on Reddit, have pointed to a possible data breach or ransomware attack. One user, claiming to be a former IT engineer at the company, suggested the incident aligns with an old response plan for a data center breach. Another user noted that cyberattacks often target retailers during long holiday weekends when IT teams are understaffed. While Victoria’s Secret hasn’t confirmed these theories, the prolonged outage and office shutdowns suggest a serious issue.
The retail sector has faced a wave of cyberattacks recently, with U.K. retailers like Marks & Spencer and Harrods reporting significant breaches. Google’s Mandiant recently warned that threat groups, including Scattered Spider, are now targeting U.S. retailers after successes in the U.K. This broader context raises questions about whether Victoria’s Secret is the latest victim of a coordinated cyberattack. For now, the company hasn’t disclosed whether customer data has been compromised, leaving shoppers worried about their personal information.
Key Impacts of the Incident
- Financial Loss: The website outage halts online sales, a critical revenue stream.
- Customer Trust: Lack of transparency could erode confidence in the brand.
- Operational Chaos: Suspended office operations and in-store services disrupt normal business.
- Stock Market Hit: Shares fell 7%, signaling investor unease.
What’s Next for Victoria’s Secret?
The company is working around the clock to restore operations, but recovery may take time. CEO Hillary Super, who took the helm last year, told Bloomberg that “recovery is going to take a while.” This suggests the Victoria’s Secret security incident is more complex than a simple glitch. The engagement of third-party cybersecurity experts indicates a thorough investigation, likely involving forensic analysis to determine the breach’s scope and prevent future attacks. Meanwhile, the company’s 1,350 stores across 70 countries remain operational, offering a lifeline for sales but not fully offsetting the e-commerce loss.
For customers, the lack of clarity is frustrating. Victoria’s Secret has promised updates but hasn’t specified when the website will be back online. Shoppers are left wondering if their data is safe and when they can resume online purchases. The incident comes at a challenging time for the brand, which has been navigating tepid demand and a recent “poison pill” strategy to fend off a potential takeover by an Australian investment firm. These pressures compound the urgency to resolve the security incident swiftly.
A Call to Stay Vigilant
The Victoria’s Secret security incident is a stark reminder of the vulnerabilities retailers face in the digital age. As the company works to restore its systems, customers should stay proactive. Monitor your accounts for unusual activity, update passwords, and be cautious of phishing emails claiming to be from Victoria’s Secret. The retail giant’s response in the coming days will be critical in rebuilding trust and minimizing damage. For now, visiting physical stores is the best way to shop the brand’s offerings while the online platform remains offline.
Have you been affected by the Victoria’s Secret website outage? Share your thoughts in the comments or visit your local store to stay connected with the brand. Stay informed by checking back for updates on this developing story.