Lingerie retailer Victoria’s Secret has fallen victim to a cyberattack that forced it to take its website down on Wednesday. The site remains offline at the time of publication.
“Valued customer, we identified and are taking steps to address a security incident. We have taken down our website and some in store services as a precaution. Our team is working around the clock to fully restore operations,” a message on the website reads.
“We appreciate your patience during this process. In the meantime, our Victoria’s Secret and PINK stores remain open and we look forward to serving you,” it continues.
It is unclear what type of incident caused the outage, but such disruptions are typically the result of ransomware attacks. SecurityWeek has emailed Victoria’s Secret to request additional information on the matter.
Sportswear giant Adidas also disclosed a cyber incident this week after hackers accessed a “third-party customer service provider” and stole the contact information of customers who contacted the help desk in the past.
The two incidents came to light only weeks after UK retailers Co-op, Harrods, and Marks & Spencer (M&S) were targeted by the DragonForce ransomware group. The attack on M&S resulted in data theft and could cost the retailer roughly $400 million.
While the attacks may not be related, Google earlier this month warned that the hacking group behind the recent cyberattacks on high-street UK retailers is now turning to US companies.
“Shields up US retailers. They’re here,” John Hultquist, chief analyst at Google Threat Intelligence Group, said on X.
“Retailers have become high-value targets for cybercriminals, and recent breaches at Dior, M&S, Harrods, and Co-Op in the last month alone make it clear that this is more than just a passing trend. These attacks are not isolated events; they represent a growing pattern exposing a deeper, systematic vulnerability within the retail industry,” SecurityScorecard SVP Ryan Sherstobitoff commented.
