The lingerie company Victoria’s Secret has paused online orders while dealing with an apparent cyberattack.
Since at least Wednesday, Victoria’s Secret’s website has been replaced with a generic message and no links: “Valued customer, we identified and are taking steps to address a security incident. We have taken down our website and some in store services as a precaution. Our team is working around the clock to fully restore operations. We appreciate your patience during this process.”
The company’s physical stores remain open, it says.
A Victoria’s Secret spokesperson said it has hired third-party experts to deal with the problem but declined to answer questions about the specific nature of the cybersecurity issue and how long it might take to remedy. The perpetrators are unknown, but the incident comes two weeks after Google warned that an effective cybercriminal group — one that had significantly hampered British retail companies — had begun targeting major American brands.
The cyberattacks against British retailers, which began in late April, followed a consistent pattern. A group that Google said was most likely a loosely affiliated group of largely young, English-speaking men — the cybersecurity industry refers to it as Scattered Spider — tricked people tied to each company into sharing access to sensitive company systems. Scattered Spider then appears to have given that access to a cybercriminal group, which calls itself DragonForce and makes money by extorting victims with sensitive data.
At least three British retailers appear to have been victims of that campaign: Marks & Spencer, which stopped taking online orders for weeks; the Co-op Group, which saw a major customer data breach; and Harrods, which appears to have sustained only minor outages.
Those attacks echo the 2023 attacks against two of the top Las Vegas casino companies, which caused MGM Resorts to suffer a litany of shutdowns, including some hotel keycards failing to open guests’ rooms and some casino floors shutting down. In that case, cybersecurity researchers believed Scattered Spider gave access to a Russian-speaking cybercrime group.