Victoria’s Secret has made significant strides in recovering from a recent cyberattack that severely disrupted its operations in May 2025. The attack began with initial signs detected on May 24, leading to widespread outages reported by users on various platforms. By May 26, unauthorized access was confirmed, resulting in the U.S. website being taken offline and suspension of in-store online return processing shortly afterward.
The cyberattack precipitated a complete halt of online orders and customer support services, causing significant operational challenges. Employee email accounts were locked down, leading to a breakdown in internal communications, and physical stores faced service disruptions even while remaining open. According to analysts, the breach was described as a “significant problem” due to its impact on ongoing operations and access to critical information. The breach exemplifies how zero-day vulnerabilities can result in severe financial consequences for major corporations.
The subsequent financial impact was considerable, with stock prices plummeting 7-8% in the immediate aftermath, erasing millions in market capitalization. Victoria’s Secret’s earnings report was postponed because of the breach, though no material disruption to annual fiscal results was anticipated.
In response to the cyber incident, the company immediately activated its response protocols and engaged external cybersecurity experts. By June 13, all critical systems were declared fully operational again. Internal messaging during the recovery period highlighted ongoing efforts and the need for vigilance amid the digital threat environment. Ransomware attacks have become a recognized threat in the retail industry, creating urgency for enhanced security measures.
Importantly, experts indicated that the attack was likely perpetrated by Scattered Spider, a syndicate known for advanced social engineering tactics targeting help desks and collaborating with ransomware groups like DragonForce.
Industry-wide, the breach highlights the increasing vulnerability of retail brands to cyber threats. Investors have grown anxious regarding operational disruptions, underscoring the necessity for strong digital defenses and incident response planning.
In light of the challenges, the company envisions no long-term reputational harm, as it continues to work diligently on restoring customer confidence and operational stability. The full scope of the incident remains under assessment, with ongoing engagement of cybersecurity experts to secure systems against future attacks.
