Victoria’s Secret has restored all essential methods impacted by a Could 24 safety incident that compelled it to close down company methods and the e-commerce web site.
The corporate operates round 1,380 retail shops in almost 70 international locations and has reported internet gross sales of $1.353 billion for the primary quarter of 2025, with a forecasted internet gross sales vary of as much as $6.3 billion for the 12 months.
In a Thursday submitting with the U.S. Securities and Trade Fee, the corporate disclosed that every one restored essential methods are actually absolutely operational and that it is working with exterior consultants to evaluate the cyberattack’s impression.
It additionally believes the incident will possible don’t have any materials impression on its yearly fiscal outcomes, although it could proceed to incur bills associated to the assault.
“We instantly enacted our response protocols to comprise and eradicate unauthorized community entry, and third-party consultants have been engaged. All essential methods are restored and absolutely operational,” Victoria’s Secret mentioned.
“We proceed to evaluate the complete scope and impression of the incident. This incident has not triggered a cloth disruption to our operations up to now and we don’t imagine it’ll have a cloth impression to our fiscal 12 months 2025.”
Quarterly earnings launch delayed
As the corporate revealed after disclosing the incident final month, it was compelled to take down company methods, some in-store companies, and the e-commerce web site as a precaution on Could 26.
A Victoria’s Secret spokesperson informed BleepingComputer that the style retail large was working to revive operations and had employed exterior consultants to research the breach.
In a June 3 press launch, Victoria’s Secret added that it needed to postpone releasing monetary outcomes for the primary quarter as a result of methods wanted throughout this course of have been unreachable after the assault.
“The restoration course of has prevented staff from accessing sure methods and data wanted to help the Firm’s launch of its monetary outcomes for the primary quarter ended Could 3, 2025,” it said. “Consequently, the Firm is suspending the date of its beforehand introduced first quarter 2025 earnings launch and earnings name webcast.”
Victoria’s Secret did not reply to an e mail from BleepingComputer requesting extra particulars on the character of the incident, and no ransomware operations have claimed duty for the assault since then.
This safety incident follows a sequence of assaults focusing on different trend firms in latest weeks, together with French luxurious trend manufacturers Cartier and Dior. German sportswear large Adidas was additionally breached final month, with the menace actors stealing a few of its clients’ knowledge after hacking right into a customer support supplier’s methods.
Beginning in April, a marketing campaign linked to Scattered Spider menace actors and the DragonForce ransomware gang has additionally focused a number of retailers throughout the UK, together with Marks & Spencer, Co-op, and Harrods.
Patching used to imply advanced scripts, lengthy hours, and countless hearth drills. Not anymore.
On this new information, Tines breaks down how trendy IT orgs are leveling up with automation. Patch sooner, cut back overhead, and deal with strategic work — no advanced scripts required.
