Victoria’s Secret Faces Ongoing Disruption After Cybersecurity Incident
Victoria’s Secret has delayed the release of its Q1 2025 earnings results, citing ongoing restoration of corporate systems impacted by a May 24 cybersecurity incident. The fashion retail giant disclosed the development in a press release, noting that the disruption has affected access to financial data and reporting systems.
The company, which operates around 1,380 stores across nearly 70 countries and reported $6.23 billion in annual revenue for the fiscal year ending February 1, 2025, took immediate steps in response to the incident. On May 26, Victoria’s Secret disabled several corporate systems, paused some in-store services, and temporarily took its e-commerce platform offline as a precaution.
According to the press release:
“The website was restored on May 29, 2025 and work is ongoing to restore full access to corporate systems. The incident also affected certain limited functions in Victoria’s Secret and PINK stores, most of which have been restored.”
“The restoration process has prevented employees from accessing certain systems and information needed to support the Company’s release of its financial results for the first quarter ended May 3, 2025. As a result, the Company is postponing the date of its previously announced first quarter 2025 earnings release and earnings call webcast.”
While the company has not confirmed the exact nature of the incident, the description of events—including widespread disruption and ongoing system recovery—points toward a likely ransomware attack.
Wider Impact Across the Fashion Retail Sector
Victoria’s Secret is not the only brand to suffer a cyberattack in recent months. Similar incidents have affected other high-profile fashion and retail companies:
- French luxury brands Dior and Cartier recently reported security incidents.
- German sportswear giant Adidas disclosed a data breach last week, where threat actors compromised a third-party customer service provider and accessed customer data.
- In the UK, retailers like Harrods, Co-op, and Marks & Spencer have also faced recent cyberattacks attributed to ransomware groups including DragonForce and Scattered Spider.
These incidents underscore a rising trend of ransomware targeting high-revenue retail operations with expansive digital infrastructure. As companies become increasingly reliant on connected systems—from customer service to inventory to financial reporting—they also become more vulnerable to attack vectors that disrupt operations at scale.
Victoria’s Secret has confirmed that external cybersecurity experts were engaged to assess the impact and support recovery efforts. The company has not responded to further requests for information on the technical details or attribution of the attack.
The earnings release and investor call, originally scheduled to cover financial performance through May 3, 2025, will be rescheduled once internal access to critical systems is fully restored.
