Victoria’s Secret experienced a significant security breach on May 28-29, 2025, forcing the lingerie retailer to shut down its website and suspend select in-store services as a precautionary measure. The company confirmed the incident through a public message posted on its website outage page, apologizing to customers although withholding specific details about the nature of the breach.
The timing of the cyberattack proves particularly damaging for Victoria’s Secret, considering that digital sales represented approximately $2 billion of the company’s $6.23 billion annual revenue for the fiscal year ending February 1, 2025. This digital revenue stream accounts for roughly one-third of total company sales, making the website disruption a substantial operational concern.
Financial markets responded negatively to the news, with company shares dropping nearly 7% following the incident announcement. Similar breaches have shown that cybercrime costs for affected businesses can reach into millions of dollars.
The security breach sent Victoria’s Secret stock tumbling 7% as investors reacted swiftly to the cyberattack announcement.
Victoria’s Secret operates 1,380 retail stores across nearly 70 countries worldwide, with physical locations remaining open regardless of the cyber incident. Nonetheless, some in-store services have been temporarily halted during the ongoing investigation.
The company activated immediate response protocols, engaging third-party cybersecurity experts to assess the scope and impact of the breach. Operations teams continue working around the clock to restore full service capabilities.
The retailer has not disclosed whether customer data was compromised during the incident, nor has it confirmed any involvement from law enforcement agencies. Company messaging underscores the precautionary nature of taking systems offline, though the incident bears hallmarks consistent with sophisticated cyberattacks targeting major retailers.
External cybersecurity professionals are conducting an all-encompassing investigation to determine the full extent of the breach. No official timeline has been provided for complete service restoration, leaving customers without access to online shopping capabilities during peak retail periods. The company continues to fulfill orders placed before the disruption occurred.
The company maintains its commitment to customer safety while urging patrons to monitor their accounts for suspicious activity. Customers attempting to access the Victoria’s Secret website encountered a black screen displaying information about the security incident instead of the normal homepage.
Industry observers note this incident follows a pattern of high-profile cyberattacks affecting major retail chains, potentially leading to increased scrutiny from both customers and regulatory authorities. Victoria’s Secret continues providing updates through official channels as the investigation progresses.
