Victoria's Secret has taken its website offline and disabled some in-store services after experiencing a cybersecurity incident, the latest in a disturbing trend of high-profile attacks targeting global retailers.
A statement replacing the homepage reads:
While operations at Victoria's Secret and PINK retail stores remain open, the temporary shutdown of its online presence during a peak holiday shopping period, Memorial Day Weekend, underscores the seriousness of the disruption.
A pattern of attacks against global retail brands
Police sources told the BBC that the hacking group Scattered Spider, a cybercrime gang reportedly including teenage members, is suspected of involvement. If confirmed, this would mark another instance of the group's operations extending into the U.S.
The Victoria's Secret incident follows on the heels of breaches at Dior, Adidas, and several major U.K. retailers such as Harrods, Co-op, and Marks & Spencer. While it remains unclear if the attacks are coordinated, some have been claimed by the DragonForce ransomware group.
This wave of retail breaches mirrors patterns seen in other sectors: once a technique proves effective, threat actors often replicate it across similar targets.
Ben Hutchison, Associate Principal Consultant at Black Duck, explains: "They may be considered 'victims of the moment.' Once a threat actor group successfully compromises a specific target or sector, this often motivates further attacks—both by the same group and by others seeking similar results."
U.S. retailers must heed the warning
Darren Guccione, CEO and Co-Founder of Keeper Security, says the Victoria's Secret breach "matches many of the patterns demonstrated in the breaches on U.K. companies" and "may signal that Scattered Spider is now actively targeting U.S. companies."
He stresses that proactive strategies like Privileged Access Management (PAM) are essential to limit damage and maintain visibility across infrastructure, saying: "Automated password rotation, session monitoring, and just-in-time access limit a cybercriminal’s ability to steal data. PAM reduces access sprawl and mitigates the blast radius of an attack."
Guccione also urges consumers to protect themselves: "Customers should use a password manager and multi-factor authentication. A dark web monitoring service can alert users if their information is compromised so they can act quickly."
Beyond prevention: building cyber resilience
While traditional defenses remain vital, experts are increasingly emphasizing resilience over prevention.
Haviv Rosh, CTO at Pathlock, suggests that CISOs must operate under the assumption that a breach is inevitable. "Today's attackers aren't just technically skilled—they're socially creative and relentless. The question isn't if they get in, but what happens next," he said.
Rosh outlines a modern framework for security leaders:
- Identify and protect crown-jewel assets
- Segment critical workloads
- Invest in recovery-first infrastructure, including immutable backups, fast restoration, and serverless or container-based modular failover
- Continuously test recovery plans with red team drills and tabletop exercises
"The modern security program isn't defined by how many attacks it blocks, but by how confidently it recovers when hit. Resilience is now the most important control," Rosh concluded.
A call to action for the retail sector
Retailers operate with expansive digital footprints, high volumes of customer data, and complex supply chains—all of which make them prime targets for cybercriminals. The barrage of incidents affecting global brands is a wake-up call: cybersecurity can no longer be reactive or limited to compliance checklists.
Instead, it must be embedded into every level of the retail operation, from frontline staff training to executive strategy. As attackers become more creative, so too must defenders.
Follow SecureWorld News for more stories related to cybersecurity.