Victoria’s Secret takes website offline after security incident

Victoria’s Secret has taken its website and parts of its in-store services offline following what the company described as a “security incident.”

Visitors to the company’s homepage on Wednesday were met with a message stating that the website and some services were disabled “as a precaution,” with no access to browse or purchase products online. The disruption began earlier this week, with many customers reporting they had been unable to shop online since at least Monday, according to Bloomberg.

In a statement to media outlets, Victoria’s Secret said it “immediately enacted our response protocols” and has engaged “third-party experts” to address the situation. “Our team is working around the clock to fully restore operations,” the company added in its public notice, adding that Victoria’s Secret and PINK stores remain open.

Shares of the company fell 6.88% on Wednesday, dropping $1.55 to close at $20.99, according to data from MarketWatch. Online and mobile purchases made up about one-third of Victoria’s Secret’s total revenue last year, amounting to approximately $2 billion in digital sales in 2024, Bloomberg reported.

While the company has not released specific details about the nature of the incident, the language used and involvement of external cybersecurity experts suggest the disruption may stem from a cyberattack or system breach.

These types of incidents can include ransomware attacks, data exfiltration, or other unauthorized access to internal systems. However, no such cause has been confirmed by the company.

Victoria’s Secret has not said when its website or mobile platforms will resume normal operations.