Victoria’s Secret has temporarily taken its U.S. website offline and suspended certain in-store services due to a recently identified security concern. The company said it took these steps as a safety measure but hasn’t shared many details.
On Thursday, customers saw a notice on the site instead of the usual shopping page. It said the company had paused operations “as a precaution.” Victoria’s Secret, based in Ohio, assured customers their team is “working around the clock” to restore services.
A spokesperson told CBS News that the company detected a security problem and responded right away. We’ve involved third-party experts, activated our response plan, and temporarily shut down our website and some store services to protect our customers.”
The company didn’t say what kind of attack occurred or when the issue started, though some customers reported problems as early as Monday. Media outlets began covering the website outage on Wednesday, the same day Victoria’s Secret addressed the issue on social media.
Currently, the company can’t say when the website will be back online. As of Wednesday night, customers couldn’t access support services. Victoria’s Secret said it is still processing orders placed before Monday and will extend return windows and specific coupon offers for affected U.S. customers.
Stores, including PINK brand locations, remain open, but they are currently not accepting in-person returns for online orders. The company hasn’t confirmed whether international store services are affected, though its UK website continued to operate as of Thursday.
Bloomberg News reported that the company paused some internal operations. It also temporarily locked employees out of their email accounts, according to an unnamed source.
By midday Thursday, Victoria’s Secret shares had fallen by approximately 4% after the announcement.
Although the company hasn’t confirmed it, the situation appears similar to a cyberattack — something more and more companies are facing. Just last week, Adidas revealed that a third-party vendor had experienced a breach, exposing some customer contact information.
Several British brands, including Marks & Spencer, Harrods, and Co-op, have also recently suffered cyberattacks. For example, the M&S breach halted online orders and caused store shortages, which may cost the company up to £300 million ($400 million).
Experts advise shoppers to stay cautious after such incidents. Scammers may send fake offers or phishing emails to trick people, especially if they have gained access to customer data.
