Victoria’s Secret Cyber Attack 2025
Downtime Duration
6 days
Estimated Costs
Estimated $10m
Scope
Multi-site
Operational Impact
- Online services briefly disrupted
- Whole IT system shut down
- Customer Data potentially breached
Summary
2025 was a year of Cyber attack after Cyber attack. With large and public attacks such as M&S and Jaguar Land Rover, it is easy to miss smaller, lesser known attacks on businesses like Victoria's Secret.
Full Analysis
Introduction and Overview
In late May 2025, Victoria’s Secret was forced to take their US website down after they detected unauthorised access to customer data. This was only a month after the devastating cyber-attacks on M&S, Harrods and Co-op, so shutting down main retail services before the hackers could access sensitive data was mostly a precaution. By June 2025, Victoria’s Secret were able to retore online services, although the attack has affected the company financially and caused fears that customer data might have been compromised.
The website first started experiencing problems on May 25th (Linkedin, 2025), with some reddit forums experiencing access issues around this time (Reddit, 2025). On May 26th, Victoria’s Secret was made aware that someone had gain unauthorised access to their online network. Fearing that customer data may be breached, Victoria’s Secret shut down their main US website, including emails used my employees and online shopping, although retail stores remained open (Bleeping Computer, 2025A). By the end of May, the retail website was brought back online (Edition.cnn.com, 2025), with employee systems being bought back online later in early June.
Entry Vector
It is commonly believed that the Hacker community Scattered Spider are responsible for the attacks using ransomware developed by DragonForce, mostly because of their attacks on M&S, Harrods, and Co-op, which they claimed responsibility for to extort a hefty bitcoin ransom. (Bleeping Computer, 2025A)
Scattered Spider likely used similar tactics for this particular hack. This could have involved social engineering tactics like phishing and help-desk ruses to initially gain access, then infecting computer systems with DragonForce Ransomware to encrypt key files and systems. However, because of the M&S hack, Victoria’s Secret were on high alert and therefore quickly shut down key IT systems to deny the Hacker’s access to the US website before any damage could be done (Linkedin, 2025). Outside of this information, not much is known about exact details of how the hack happened.
What went Wrong?
Victoria’s Secret acted quickly to deal with the hack, shutting down their whole computer systems, bringing in cybersecurity experts, identifying the breach and containing it. They then restored systems and enacted in new security recommendations (LinkedIn.com, 2025). So, what was the main problem?
The main issue was that they were forced to shut down their whole IT system to keep the ransomware form spreading. If they had a more robust cyber defence and virus detection system, maybe they could have isolated the ransomware and expelled it before it could have spread further, forcing them to shut down more valuable systems that would have a significant impact on the company.
Impact
Customer Data
There have been concerns that customer’s sensitive data might have been compromised. This is especially concerning as NorthFace and Cartier have also been hacked around the same time as Victoria’s Secret (periculo.co.uk, 2025). Victoria’s Secret announced on June 3rd that even though they were able to restore employee and customer systems, customers should still be wary. (Uk.pcmag.com, 2025)
Website
Operational systems for the US website were forced offline because of the hack. However, by May 30th, the website was bought back online (Bleepingcomputer.com, 2025C). However, IT systems for employee’s remained offline until June. As a result, Victoria’s Secret has had to delay its 2025 first quarter earnings report until they can restore those systems (Bleepingcomputer.com, 2025C).
Financial Costs
The company’s share price fell by 7% following the hack (BBC.com, 2025). It is estimated that Victoria’s Secret will lose about $10m in income in its second quarter because of the hack disrupting a large part of their retail system (Cybertech.com, 2025).
The Seamless Solution
- Shutting down the whole website was the most prudent move for Victoria’s Secret, as it denied the Hackers access to the rest of the information. However, having an anti-virus system in place to detect threats and isolate them before they can spread and infect more systems is recommended. This way, individual systems can be isolated and shut down without having to take down the whole IT system.
- Using the same anti-virus detector could also help detect suspicious emails and phone calls, preventing hackers form using social engineering tactics from successfully gaining access.
- Maintaining a full back up of the online website systems, especially the shopping and order systems is essential so they can be implemented at a moment’s notice should any ransomware take them offline
Conclusion
Victoria’s Secret’s cyber attack is an often under discussed and lesser talked about cyber attack, mostly due to it being overshadowed by more larger attacks that happened around the same time. However, compared to other companies, that experienced severe disruption and IT problems, Victoria’s Secret were able to survive relatively unscathed mostly thanks to their quick actions and even quicker recovery.
Sources
- BBC.com (2025): Victoria’s Secret takes down US website after ‘security incident’:
https://www.bbc.co.uk/news/articles/cwy6l5573jyo
- BleepingComputer.com (2025A): Victoria’s Secret takes down website after security incident: https://www.bleepingcomputer.com/news/security/victorias-secret-takes-down-website-after-security-incident/
- BleepingComputer.com (2025B): Victoria’s Secret delays earnings release after security incident: https://www.bleepingcomputer.com/news/security/victorias-secret-delays-earnings-release-after-security-incident/
- bleepingcomputer.com (2025C): Victoria’s Secret restores critical systems after cyberattack: https://www.bleepingcomputer.com/news/security/victorias-secret-restores-critical-systems-after-cyberattack/
- Cybernews.com (2025): Victoria’s Secret estimates $10M income hit from cybersecurity breach: https://cybernews.com/cybercrime/victorias-secret-sales-cybersecurity-breach/
- Edition.cnn.com (2025): Victoria’s Secret site back online after days-long cyber incident: https://edition.cnn.com/2025/05/28/business/victorias-secret-website-down-security-incident
- LinkedIn.com (2025): Victoria’s Secret Hacked: The Not-So-Secret Cyber Siege Unraveled: https://www.linkedin.com/pulse/victorias-secret-hacked-not-so-secret-cyber-siege-unraveled-sarkar-ilzsf/
- periculo.co.uk (2025): The North Face, Cartier, Victoria’s Secret Hacked: https://www.periculo.co.uk/cyber-security-blog/the-north-face-cartier-victorias-secret-hacked
- Reddit.com (2025): r/cybersecurity post: Victoria’s Secret website down after ‘security incident’: https://www.reddit.com/r/cybersecurity/comments/1kxp6al/victorias_secret_website_down_after_security/
- Silicon.co.uk (2025): Victoria’s Secret, Adidas Hit By Cyber-Attacks: https://www.silicon.co.uk/security/cyberwar/victoria-secret-adidas-hack-616208
- Uk.pcmag.com (2025): Victoria’s Secret Confirms Hack, Warns That Your Data Might Be at Risk: https://uk.pcmag.com/security/158379/victorias-secret-confirms-hack-warns-that-your-data-might-be-at-risk
- www.cybersecuritydive.com (2025): Victoria’s Secret postponing release of report earnings amid breach impact: https://www.cybersecuritydive.com/news/victorias-secret-postponing-earnings-breach/749665/