Victoria's Secret shuts down US website following 'security incident'

Lingerie giant Victoria’s Secret has temporarily suspended most of its US website and some in-store services to “address a security incident.”

The normal website has been replaced with a customer notice informing visitors that the company is “working around the clock to fully restore operations.” While its UK website remains unaffected, the incident has prompted concerns and frustration among customers.

A Victoria’s Secret spokesperson confirmed the situation to Reuters, stating: “We identified and are taking steps to address a security incident. We immediately enacted our response protocols, third-party experts are engaged, and we took down our website and some in-store services as a precaution.”

The company has not yet provided further details on the nature or origin of the incident, nor when it precisely began. Despite the online disruption, Victoria’s Secret and its spin-off, PINK, stores remain open for business.

The news had an immediate impact on the company’s stock, with Victoria’s Secret shares closing down approximately 7% on Wednesday following the initial media statement. Customers have voiced their discontent on social media, with one user on X complaining, “How can I check my order status when your page has been down for 2 days?!? And no one answers the phone either!”

This incident adds to a growing list of major cyberattacks targeting retailers in recent weeks. Prominent UK firms including Marks & Spencer and the Co-op have also faced significant disruptions, with M&S estimating a £300 million cost from its hack, which is expected to cause ongoing issues until July.

Both M&S and the Co-op have confirmed customer data theft, with the suspected cybercriminals, thought to be the group “Scattered Spider,” reportedly employing ransomware tactics.

In light of these escalating threats, Vonny Gamot from online protection company McAfee advised affected customers to take immediate action. “Even if you haven’t received notification from the brand or retailer which has been impacted, assume your information may have been compromised if you’ve been a customer,” she recommended, urging individuals to change passwords and enable two-factor authentication on their accounts.