On May 28, 2025, Victoria’s Secret & Co., a leading global lingerie retailer, proactively suspended most functionalities of its website and certain in-store services in response to a detected security incident. The company promptly activated its incident response protocols, engaging third-party cybersecurity experts to assess and mitigate the situation. As a precautionary measure, the website was taken offline, and specific in-store services were temporarily halted. Despite these disruptions, Victoria’s Secret and its PINK retail stores continue to operate, ensuring that customers can still access products and services in physical locations.
The company has not disclosed specific details regarding the nature or origin of the security breach, nor the exact timeline of its occurrence. This incident underscores the growing cybersecurity challenges faced by major retailers, as cybercriminals increasingly target high-profile companies to exploit vulnerabilities and access sensitive customer information.
In recent years, Victoria’s Secret has made significant investments in digital transformation to enhance customer experiences. In January 2024, the company announced a strategic partnership with Google Cloud to integrate artificial intelligence (AI) and generative AI technologies into its online shopping platforms. This collaboration aimed to create personalized and inclusive shopping experiences, including the development of an AI-powered conversational assistant designed to provide tailored product recommendations based on individual preferences and life experiences. Additionally, the partnership sought to improve internal operations by leveraging AI for marketing, customer sentiment analysis, supply chain optimization, and associate training programs.
Despite these advancements, the recent security incident highlights the persistent threats in the digital landscape. Cyberattacks targeting retailers have become more sophisticated, with adversaries employing various tactics such as phishing, ransomware, and data breaches to compromise systems and steal sensitive information.
Victoria’s Secret has previously encountered cybersecurity challenges. In 2003, the company settled a privacy policy breach after an investigation revealed inconsistencies between its stated privacy practices and actual operations. The breach exposed personal information of customers, including names, billing addresses, and purchase details, on the company’s website. The settlement required Victoria’s Secret to enhance its website security measures and compensate affected customers.
In 2017, security experts warned that hackers were targeting Victoria’s Secret customers ahead of the busy Christmas shopping season. Cybercriminals prepared for the surge in online shopping by offering tools to hack the retailer and its customers, including fake smartphone apps masquerading as the official Victoria’s Secret app and lists of vulnerabilities on its website.
The current incident serves as a reminder of the importance of robust cybersecurity measures and the need for continuous vigilance in protecting customer data. Retailers must invest in comprehensive security protocols, regular system audits, and employee training to mitigate the risks associated with cyber threats.
As Victoria’s Secret works diligently to restore its online services, customers are encouraged to remain cautious and monitor their accounts for any unusual activity. The company has assured that it is taking all necessary steps to address the incident and prevent future occurrences.
