Victoria’s Secret website still down as it continues to address ’security incident’

Article content

NEW YORK — Victoria’s Secret has taken down its Canada and U.S. websites and says some in-store services will be unavailable as it addresses an unspecified “security incident.” 

A message to customers remained in place of the popular lingerie brand’s normal shopping site Thursday, stating that the company had halted these services “as a precaution.” 

“Our team is working around the clock to fully restore operations,” the message read. 

Victoria’s Secret did not immediately provide more details about the “security incident,” or specify whether it was a cyber attack. The Associated Press reached out to the Ohio company for further information on Thursday. 

It also wasn’t immediately clear when Victoria’s Secret identified the issue and began halting some of its operations. Most media reports of Victoria’s Secret website going dark emerged Wednesday — when the company also shared an update on social media — but some frustrated customers online said they began experiencing issues earlier in the week. 

A customer FAQ updated Wednesday night on Victoria’s Secret corporate site noted that it did not have an exact timing regarding the return of its website — and that customer care services were also unavailable. 

The company said that it is trying to fulfil orders placed before Monday and that it would be extending return windows and some direct mail coupon offers for impacted customers in the U.S. 

Victoria’s Secret said its stores, as well as its PINK brand locations, remain open for customers. But some in-store services, such as returning online orders in person, are unavailable per its customer FAQ. 

It was not immediately clear if any in-store services in Victoria’s Secret locations outside Canada and the U.S. were also impacted. But the company’s U.K. site appeared uninterrupted Thursday. 

Bloomberg News reported that Victoria’s Secret also stopped some of its office operations and that some employees were locked out of their company email accounts on Wednesday, citing an anonymous source familiar with the matter. 

Shares for Victoria’s Secret tumbled about 4% as of midday Thursday. 

While not confirmed by the company, the “security incident” impacting Victoria’s Secret’s operations bears all the hallmarks of a cyberattack. And it arrives as more and more companies report breaches that disrupt operations and/or expose customer data. 

Last week, for example, Adidas announced that it had recently become aware of an “unauthorized external party” obtaining some consumer data — mostly consisting of contact information — through a third-party customer service provider. The German shoe and clothing company said it would be informing impacted customers and working with law enforcement. 

And several British retailers — Marks & Spencer, Harrods and Co-op — have all shared that they’ve been targeted by cyberattacks over recent weeks. The cyberattack hitting M&S stopped it from processing online orders and left store shelves empty, with the company estimating that this will cost it 300 million pounds ($400 million). 

And following any cybersecurity incident impacting a consumer-facing brand, experts warn that it’s important for shoppers to be alert. Fraudsters might promise fake promotions through phishing emails, for example, or use sensitive information that may have been compromised.