Victoria’s Secret has delayed the announcement of its quarterly revenue following a security breach that disrupted operations of the well-known lingerie brand and forced U.S. shopping sites to shut down for several days last week.
In an update provided on Tuesday, Victoria’s Secret indicated that it first noticed a “security incident involving information technology systems” on May 24. The company quickly activated an “effective response protocol” to manage and eliminate unauthorized access to its network.
On May 26, retailers in Ohio announced the temporary closure of the company’s systems and its retail website as a precautionary step.
Days later, the U.S. Victoria’s Secret website remained inaccessible, causing considerable frustration for customers. In fact, I couldn’t get back online until late Thursday.
While there hasn’t been direct confirmation from Victoria’s Secret, the incident exhibited traits typical of a cyberattack, possibly involving ransomware.
Analysts have pointed out that an increasing number of retailers are facing similar attacks, highlighting how extensive and disruptive the confusion has been for Victoria’s Secret operations.
In addition to the website troubles, some in-store services at Victoria’s Secret and Pink locations were also affected. However, the company stated on Tuesday that most of these services have now been restored.
The security breach has hindered the release of first-quarter revenues while the company works towards fully recovering access to its corporate systems. They mentioned that some employees are currently restricted from accessing specific systems and information.
Despite these challenges, Victoria’s Secret shared some preliminary financial results. For the first quarter of 2025, ending May 3, the company reported net sales of $1.35 billion and an adjusted operating profit of $32 million, suggesting it might exceed previously issued expectations. Analysts surveyed by Factset anticipated sales around $1.33 billion.
Importantly, Victoria’s Secret has not yet provided a new date for when its first-quarter revenue will be disclosed.
The company claimed that last month’s security breach didn’t affect the quarterly results since the period had concluded before the disruption occurred. Yet, they also indicated that they would continue to evaluate the situation to understand the complete impact, including any costs that may influence future financial standings.
The ongoing security incidents affecting Victoria’s Secret come as numerous businesses, particularly retailers, are grappling with similar breaches that disrupt operations or expose customer data.
Recent weeks have seen UK retailers like Marks & Spencer and Harrods also become targets of cyberattacks, underscoring a rising trend in these incidents.
A cyberattack that targeted M&S disrupted online order processing and resulted in empty store shelves, with estimates citing a potential loss of £300 million (approximately $400 million).
Additionally, Adidas recently reported being aware of “fraudulent external parties” who accessed consumer information, mainly contact details, through third-party customer service providers.
As these cybersecurity issues affect consumer brands, experts stress the importance of shoppers being cautious. Scammers might exploit any compromised sensitive information to roll out fake promotions, potentially through phishing emails.
