Victoria's Secret takes down website after 'security incident'

Catch up with NBC News Clone on today's hot topic: Rcna209682 - Breaking News | NBC News Clone. Our editorial team reformatted this story for clarity and speed.

The cyberattack comes after British retailers faced a wave of security issues and breaches.

A Victoria's Secret store in New York City.Angus Mordant / Bloomberg via Getty Images file
SHARE THIS —
By Kevin Collier

The lingerie company Victoria’s Secret has paused online orders while dealing with an apparent cyberattack.

Since at least Wednesday, Victoria's Secret’s website has been replaced with a generic message and no links: “Valued customer, we identified and are taking steps to address a security incident. We have taken down our website and some in store services as a precaution. Our team is working around the clock to fully restore operations. We appreciate your patience during this process.”

The company’s physical stores remain open, it says.

A Victoria’s Secret spokesperson said it has hired third-party experts to deal with the problem but declined to answer questions about the specific nature of the cybersecurity issue and how long it might take to remedy. The perpetrators are unknown, but the incident comes two weeks after Google warned that an effective cybercriminal group — one that had significantly hampered British retail companies — had begun targeting major American brands.

Recommended

Artificial intelligenceChatGPT safety systems can be bypassed to get weapons instructions

The cyberattacks against British retailers, which began in late April, followed a consistent pattern. A group that Google said was most likely a loosely affiliated group of largely young, English-speaking young men — the cybersecurity industry refers to it as Scattered Spider — tricked people tied to the company into sharing access to sensitive company systems. Scattered Spider then appears to have given that access to a cybercriminal group, which calls itself DragonForce and makes money by extorting victims with sensitive data.

At least three British retailers appear to have been victims of that campaign: Marks & Spencer, which stopped taking online orders for weeks; the Co-op Group, which saw a major customer data breach; and Harrod’s, which appears to have sustained only minor outages.

Those attacks echo those in 2023 against two of the top Las Vegas casino companies, which caused MGM Resorts to suffer a litany of shutdowns, including some hotel keycards not opening guests’ rooms and some casino floors shutting down. In that case, cybersecurity researchers believed Scattered Spider gave access to a Russian-speaking cybercrime group.

Kevin Collier

Kevin Collier is a reporter covering cybersecurity, privacy and technology policy for NBC News.

NBC News Clone will keep curating essential reads for you — simplified and optimized.

×
AdBlock Detected!
Please disable it to support our content.

Related Articles

Donald Trump Presidency Updates - Politics and Government | NBC News Clone | Inflation Rates 2025 Analysis - Business and Economy | NBC News Clone | Latest Vaccine Developments - Health and Medicine | NBC News Clone | Ukraine Russia Conflict Updates - World News | NBC News Clone | Openai Chatgpt News - Technology and Innovation | NBC News Clone | 2024 Paris Games Highlights - Sports and Recreation | NBC News Clone | Extreme Weather Events - Weather and Climate | NBC News Clone | Hollywood Updates - Entertainment and Celebrity | NBC News Clone | Government Transparency - Investigations and Analysis | NBC News Clone | Community Stories - Local News and Communities | NBC News Clone