At the end of May 2025, Victoria’s Secret experienced a major cyberattack that forced the company to take its U.S. website offline. The sudden shutdown disrupted online shopping for millions of customers and caused ripple effects across its retail operations.
Although the company has not shared specific details about the nature of the attack, the disruption suggests it may have involved malicious software designed to lock systems or steal sensitive data, commonly known as ransomware.
How It Affected the Business
With a large share of Victoria’s Secret’s revenue coming from online sales, the timing of the cyberattack was especially damaging. The outage occurred during a period when many customers were expecting seasonal promotions and product drops. As a result, the company faced not only lost sales but also growing dissatisfaction among its customer base.
The attack also affected investor confidence, with the brand’s market value taking a noticeable dip in the days following the news. When a company so reliant on digital infrastructure suddenly loses access to its own platform, the financial consequences can be swift and significant.
Response and Recovery Efforts
In response, Victoria’s Secret took immediate steps to secure its systems and begin the recovery process. This included shutting down parts of its digital infrastructure, investigating the root of the attack, and working toward restoring online operations. To protect customer trust and limit further damage, the company also paused some in-store services that might be connected to the compromised systems.
While physical store locations remained open, many online shoppers were left without access to the products and services they expected. To ease frustrations, the company extended return deadlines and coupon expirations for those affected by the outage.
A Growing Problem for Retailers
This type of attack reflects a growing trend in the retail industry. Large consumer brands are increasingly being targeted because of their valuable customer data and heavy dependence on online sales. Just weeks ago M&S, Co-Op and Adidas reported major breaches. When systems are breached, attackers can potentially access sensitive information or block companies from using their own platforms until a ransom is paid.
These incidents can cause operational disruptions, customer dissatisfaction, and long-term brand damage, even if personal data isn’t stolen or leaked.
What Shoppers Should Know
For customers, situations like this are a reminder to stay cautious online. Even if their information wasn’t compromised, they may receive fake emails or phishing messages pretending to be from the brand. It’s a good idea to monitor accounts for unusual activity, change passwords that may be reused across platforms, and avoid clicking suspicious links.
Looking Ahead
The Victoria’s Secret cyberattack is the next major breach of a large retailer. The company continues to investigate the incident and rebuild its digital services. In the meantime, shoppers are encouraged to use physical store locations and stay alert for updates about online access.
This event underscores just how critical cybersecurity has become in the modern retail environment. As brands continue to expand their digital presence, the risk—and potential impact—of cyberattacks will only grow. For companies and customers alike, being prepared is no longer optional.
