Victoria's Secret has successfully restored all critical systems that were affected by a
cybersecurity incident on May 24, which led the company to temporarily shut down its corporate systems and e-commerce platform.
Operating approximately 1,380 retail stores across nearly 70 countries, the company reported net sales of $1.353 billion for the first quarter of 2025 and projected up to $6.3 billion in annual sales.
In a recent filing with the U.S. Securities and Exchange Commission, Victoria's Secret confirmed that all key systems are now fully functional. The company is working with independent cybersecurity experts to evaluate the impact of the breach. Despite the attack, it does not expect any material impact on its full-year financial performance, though some costs related to the incident are anticipated.
"We promptly initiated our response procedures to contain and remove the unauthorized access, and brought in third-party specialists to assist. All critical systems have been restored and are now operational," the company stated. "We are continuing to assess the incident's full scope. So far, it has not significantly disrupted operations, and we do not expect it to affect our fiscal 2025 performance."
Delay in quarterly earnings release
After initially disclosing the breach, the company reported that it had taken down its corporate systems, select in-store services, and online shopping platform as a preventive measure on May 26.
A spokesperson reported that the company was actively working to resume normal operations and had hired outside professionals to conduct a detailed investigation.
In a June 3 press release, Victoria's Secret said it had to delay its first-quarter earnings report due to limited access to essential internal systems required for financial reporting.
"The system restoration process temporarily blocked access to critical tools and data needed for preparing our Q1 financial results ending May 3, 2025," the statement read. "As a result, we are postponing the release of our Q1 earnings report and related webcast." No ransomware groups have claimed responsibility so far.
This breach adds to a growing list of cyberattacks on fashion industry players in recent weeks. Luxury brands such as Cartier and Dior have also faced incidents, while Adidas suffered a data breach after hackers infiltrated a third-party customer service provider.
Since April, a broader campaign believed to be linked to the Scattered Spider group and DragonForce ransomware gang has targeted several UK retailers, including Marks & Spencer, Co-op, and Harrods.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
