Victoria’s Secret has shut down its U.S. e-commerce platform and disabled select in-store systems following a confirmed cybersecurity incident. The Ohio-based retailer, which operates 1,350 stores across 70 countries, replaced its main website with a maintenance notice assuring customers that teams are working “around the clock” to restore services. Its UK site and physical PINK-branded stores remain operational.
The company’s shares dropped sharply on Wednesday as news of the breach spread, with shoppers flooding social media to complain about inaccessible order tracking and unresponsive customer service.
“How can I check my order status when your page has been down for 2 days?!?” one customer posted on X (formerly Twitter), reflecting widespread frustration. Victoria’s Secret has not disclosed the attack’s origin or duration, only confirming engagement with third-party cybersecurity experts.
The breach follows devastating ransomware attacks on UK retailers like Marks & Spencer (projected £300M losses) and Co-op (empty shelves, payment disruptions). Cybercriminal group Scattered Spider—linked to teenage hackers—has claimed responsibility for some incidents, stealing customer data and demanding ransom payments.
Meanwhile, a security analyst Vonny Gamot of McAfee warned affected customers to proactively change passwords and enable two-factor authentication, noting companies often take weeks to identify all compromised accounts.
