Victoria’s Secret experienced a **cyber attack in late May 2025**, forcing the company to shut down its website and pause some in-store services from **May 26 to May 29**. The incident disrupted operations, delayed Q1 financial reporting, and resulted in an estimated **$20 million loss in Q2 net sales** due to service outages. While no customer data breach was explicitly confirmed in the article, the attack caused **significant operational disruption**, including halted online transactions, paused customer care services, and extended return/reward windows to mitigate customer impact. The company’s restoration efforts delayed financial reporting, highlighting the attack’s severity in terms of **business continuity and financial repercussions**. The incident aligns with a broader trend of **targeted retail cyber attacks**, emphasizing vulnerabilities in e-commerce and in-store systems.
TPRM report: https://www.rankiteo.com/company/victoria's-secret
"id": "vic840090225",
"linkid": "victoria's-secret",
"type": "Cyber Attack",
"date": "5/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'industry': 'Fashion/Apparel',
'location': 'Global (HQ: Columbus, Ohio, USA)',
'name': 'Victoria’s Secret',
'size': 'Large (publicly traded)',
'type': 'Retailer'},
{'industry': 'Outdoor Apparel',
'location': 'Global (HQ: Denver, Colorado, USA)',
'name': 'The North Face',
'size': 'Large',
'type': 'Retailer (subsidiary of VF Corp.)'},
{'industry': 'Luxury Goods/Jewelry',
'location': 'Global (HQ: Paris, France)',
'name': 'Cartier',
'size': 'Large',
'type': 'Luxury Retailer (subsidiary of Richemont)'}],
'attack_vector': [{'cartier': 'Unauthorized system access',
'the_north_face': 'Credential stuffing'}],
'customer_advisories': [{'cartier': ['Email notification about unauthorized access and compromised PII (names, addresses, etc.)'],
'the_north_face': ["Email notification to customers about 'small-scale' attack and stolen data (names/emails)"],
'victorias_secret': ['Website outage notifications (2025-05-26–29)',
'FAQ page with extended policies']}],
'data_breach': {'data_exfiltration': [{'cartier': 'Yes',
'the_north_face': 'Yes'}],
'personally_identifiable_information': [{'cartier': 'Yes (names, addresses, birth dates, phone numbers)',
'the_north_face': 'Partial (emails only)'}],
'sensitivity_of_data': [{'cartier': 'High (PII including addresses and birth dates)',
'the_north_face': 'Low (no financial/PII beyond emails)'}],
'type_of_data_compromised': [{'cartier': ['Names',
'Emails',
'Products purchased',
'Shipping addresses',
'Birth dates',
'Telephone numbers'],
'the_north_face': ['Names',
'Emails'],
'victorias_secret': None}]},
'date_detected': [{'the_north_face': '2025-04-01 (disclosed in June 2025)',
'victorias_secret': '2025-05-26'}],
'date_publicly_disclosed': [{'cartier': '2025-06-04',
'the_north_face': '2025-06-04',
'victorias_secret': '2025-05-30'}],
'date_resolved': [{'victorias_secret': '2025-05-30 (website restored)'}],
'description': 'A series of cyber attacks targeted major retail brands in May '
'and June 2025, including Victoria’s Secret, The North Face, '
'and Cartier. Victoria’s Secret experienced a significant '
'security incident leading to website shutdowns, delayed '
'financial reporting, and an estimated $20 million loss in Q2 '
'net sales. The North Face and Cartier reported separate '
'credential stuffing and unauthorized access incidents, '
'respectively, resulting in the theft of customer data (names, '
'emails, purchase histories, addresses, birth dates, and phone '
'numbers). The attacks highlight a growing trend of '
'retail-sector cyber threats, with financial, operational, and '
'reputational impacts.',
'impact': {'brand_reputation_impact': ['High (loss of customer trust, '
'reputational damage across all three '
'brands)'],
'data_compromised': [{'cartier': 'Customer names, emails, products '
'purchased, shipping addresses, '
'birth dates, telephone numbers',
'the_north_face': 'Customer names and emails',
'victorias_secret': None}],
'downtime': [{'cartier': None,
'the_north_face': None,
'victorias_secret': '2025-05-26 to 2025-05-29 '
'(website and some in-store '
'services)'}],
'financial_loss': [{'cartier': None,
'the_north_face': None,
'victorias_secret': '$20 million (Q2 net sales '
'impact)'}],
'identity_theft_risk': [{'cartier': 'Moderate (PII including birth '
'dates and addresses exposed)',
'the_north_face': 'Low (no financial data '
'stolen)'}],
'operational_impact': [{'cartier': None,
'the_north_face': None,
'victorias_secret': 'Delayed Q1 2025 financial reporting, extended return/coupon windows'}],
'payment_information_risk': [{'cartier': None,
'the_north_face': 'None (explicitly stated no financial details stolen)',
'victorias_secret': None}],
'revenue_loss': [{'cartier': None,
'the_north_face': None,
'victorias_secret': '$20 million (Q2)'}],
'systems_affected': [{'cartier': ['Internal systems (temporary access)'],
'the_north_face': ['Website'],
'victorias_secret': ['Website',
'Customer Care Services',
'some in-store systems']}]},
'investigation_status': [{'cartier': 'Ongoing (limited details shared)',
'the_north_face': 'Completed (attributed to credential stuffing)',
'victorias_secret': 'Ongoing (root cause not disclosed)'}],
'lessons_learned': ['Retailers are high-value targets for cyber attacks due '
'to vast customer data repositories.',
'Third-party vendor risks (e.g., Adidas’ customer service '
'provider breach) underscore the need for supply chain '
'cybersecurity oversight.',
'Credential stuffing remains a persistent threat, '
'emphasizing the need for multi-factor authentication '
'(MFA) and password hygiene.',
'Proactive incident response plans and customer '
'communication strategies are critical to mitigating '
'reputational and financial damage.',
'Coordinated attacks on the retail sector suggest '
'potential campaign-style threats requiring industry-wide '
'collaboration.'],
'motivation': ['Likely financial gain (data theft, potential ransomware, or '
'disruption)'],
'post_incident_analysis': {'corrective_actions': [{'cartier': None,
'the_north_face': None,
'victorias_secret': ['System restoration',
'financial reporting delays',
'customer policy extensions']}],
'root_causes': [{'cartier': 'Unauthorized system access (method unspecified)',
'the_north_face': 'Credential stuffing due to reused customer passwords from prior breaches',
'victorias_secret': None}]},
'recommendations': ['Implement MFA and passwordless authentication to combat '
'credential stuffing.',
'Conduct third-party cybersecurity audits for vendors '
'with access to customer data.',
'Develop and test incident response plans, including '
'website takedown procedures and customer notification '
'templates.',
'Invest in adaptive security measures (e.g., behavioral '
'WAFs, network segmentation) to detect and contain '
'breaches early.',
'Prioritize transparency in post-incident communications '
'to maintain customer trust.'],
'references': [{'date_accessed': '2025-06-13', 'source': 'Retail TouchPoints'},
{'date_accessed': '2025-06-11',
'source': 'Victoria’s Secret Corporate FAQ'},
{'source': 'The Guardian (Marks & Spencer attack coverage)'},
{'source': 'Fastly Research (Retail Cybersecurity Report)'}],
'response': {'communication_strategy': [{'cartier': ['Customer email notification'],
'the_north_face': ['Customer email notification'],
'victorias_secret': ['Public statement (2025-05-30)',
'FAQ page for customers',
'delayed earnings announcement']}],
'containment_measures': [{'cartier': None,
'the_north_face': None,
'victorias_secret': ['Website shutdown',
'pause of some in-store services']}],
'incident_response_plan_activated': [{'cartier': None,
'the_north_face': None,
'victorias_secret': 'Yes (website shutdown, containment measures)'}],
'recovery_measures': [{'cartier': None,
'the_north_face': None,
'victorias_secret': ['Website restored by 2025-05-30',
'financial reporting delayed to 2025-06-11']}],
'remediation_measures': [{'cartier': None,
'the_north_face': None,
'victorias_secret': ['System restoration',
'extended return/coupon windows']}]},
'stakeholder_advisories': ['Victoria’s Secret delayed Q1 2025 earnings '
'announcement (2025-06-11) with disclosure of $20M '
'Q2 impact.',
'Extended return and coupon redemption windows for '
'affected customers.'],
'title': 'Cyber Attacks on Victoria’s Secret, The North Face, and Cartier '
'(May-June 2025)',
'type': ['Cyber Attack (Victoria’s Secret: unspecified; The North Face: '
'credential stuffing; Cartier: unauthorized access)'],
'vulnerability_exploited': [{'the_north_face': 'Reused customer credentials '
'from prior breaches'}]}