Victoria’s Secret has decided to postpone the release of its quarterly earnings report due to a security breach that interrupted the brand’s corporate functions and led to a temporary shutdown of its U.S. shopping site for several days. In an announcement on Tuesday, Victoria’s Secret revealed that it discovered a “security incident involving its information technology systems” on May 24. The company quickly implemented response measures to contain and eliminate the unauthorized access by engaging with experts outside the company.
As part of these measures, the Ohio-based retailer decided to shut down its corporate systems and retail website on May 26 as a precautionary step. The website remained inaccessible for several days, which frustrated many shoppers, until it was finally restored late Thursday. Although Victoria’s Secret did not specifically confirm this, the incident appears to be characteristic of a ransomware cyberattack. Experts note that retailers are increasingly becoming targets of such attacks, which tend to cause significant and prolonged disruptions like the ones experienced by Victoria’s Secret.
In addition to the website shutdown, some in-store services at both Victoria’s Secret and Pink-branded locations had to be halted due to the breach. However, the company reported on Tuesday that it has mostly restored these services. Despite these challenges, Victoria’s Secret is still in the process of fully restoring access to its corporate systems, which contributes to the delay of its first-quarter earnings release. The company emphasized that employees are currently unable to access certain systems and information necessary to complete and disclose the financial report.
Nonetheless, Victoria’s Secret provided some preliminary financial results for its first quarter of 2025, which concluded on May 3. The company estimates net sales of $1.35 billion and an adjusted operating income of $32 million, surpassing the guidance issued earlier. Analysts had, on average, expected sales to reach around $1.33 billion. A specific date for the release of the revised earnings report has yet to be announced.
Victoria’s Secret asserted that last month’s security breach did not affect the company’s first-quarter results since the period ended before the disruption began. However, the company plans to continue evaluating the incident’s overall impact, including any expenses that might influence future finances. This security event at Victoria’s Secret is part of a broader trend affecting many companies, with breaches leading to operational disruptions or threats to customer data, particularly within the retail sector.
In recent weeks, several British retailers like Marks & Spencer, Harrods, and Co-op have revealed that they were also targets of cyberattacks. For instance, an attack on M&S hindered its ability to process online orders and left shelves empty, potentially costing the retailer 300 million pounds ($400 million). Last month, Adidas announced it became aware of an unauthorized external party acquiring some consumer data—primarily contact details—through a third-party customer service provider.
Following cyberattacks on consumer-focused brands, it’s vital for shoppers to remain vigilant. Experts warn that fraudsters can use such events to spread phishing emails with fake promotions and exploit sensitive information that might have been compromised.