Victoria’s Secret Website Down Due To Apparent Cyberattack

Victoria’s Secret shoppers will have to find their way to a physical store while the brand’s website remains down due to an apparent cyberattack.

Since Wednesday, the lingerie retailer’s website has displayed a single static message referring to a “security incident” rather than its usual online store.

“Valued customer, we identified and are taking steps to address a security incident. We have taken down our website and some in store services as a precaution,” the message reads. “Our team is working around the clock to fully restore operations. We appreciate your patience during this process. In the meantime, our Victorias Secret and PINK stores remain open and we look forward to serving you.”

The company did not detail the specific nature of the security incident.

The apparent cyberattack comes just weeks after Google’s Threat Intelligence Group warned that a cybercriminal group responsible for attacking retailers in the U.K., including Harrods, Co-op, and Marks & Spencer, had begun attacking American companies.

Authorities believe the attacks on British retailers were carried out by a loosely connected group of largely English-speaking cybercriminals known to the cybersecurity industry as Scattered Spider, which deployed DragonForce ransomware.

According to Google, so far in 2025 retail companies have accounted for 11 percent of victims of data-leak sites (DLS) hacks, in which cybercriminals steal and release large quantities of personally identifiable information (PII) and financial data, up from about 8.5 percent in 2024 and 6 percent in 2022 and 2023.

Google says threat actors likely view retailers as attractive targets not only because they possess large quantities of customer data, but because they “may be more likely to pay a ransom demand if a ransomware attack impacts their ability to process financial transactions.”