Description

The popular women’s retail chain, Victoria’s Secret, had to delay the release of its first-quarter earnings report due to a cyberattack it experienced earlier in the week. The timing of the incident, occurring during the Memorial Day holiday weekend, suggests deliberate planning by the attackers to maximize disruption while minimizing immediate response capabilities.

The company was forced to shut down its U.S. retail website as well as some of its in-store services, both of which disrupted the shopping experience for its customers and digital sales. The website was not fully restored until May 29. The release of the quarterly earnings report was delayed because employees could not access the systems needed to finalize financial results.

Although Victoria’s Secret has not disclosed specific attack details, the operational patterns strongly suggest a ransomware incident. Cybersecurity researchers have identified potential links to the Scattered Spider criminal organization, a group known for systematically targeting major retailers across the United States and United Kingdom.

Preliminary assessments indicate that attackers may have accessed sensitive information spanning multiple categories, including customer personal data, employee records, third-party vendor information, and internal company data. The full scope of compromised information continues to be evaluated as part of the ongoing investigation.

 

Actions Taken

The company proactively shut down corporate systems as a containment measure to prevent lateral movement and limit additional data exposure. External cybersecurity experts were also brought in immediately to assist with the remediation efforts and forensic investigation. Victoria’s Secret posted statements on its website and social media, informing customers about the security incident, the website shutdown, and ongoing efforts to resolve the issue. To mitigate customer inconvenience, the company extended its return policy windows and direct mail coupon offerings.

 

Prevention

Given the limited information about the attack, it is difficult to determine what measures could have prevented it. However, regardless of the controls already in place, organizations should conduct frequent vulnerability assessments and penetration tests to proactively identify and remediate weaknesses that skilled attackers could exploit. Maintaining this level of vigilance is essential, as attack surfaces continually evolve with changes in installed applications, enabled features, and software updates. It is also important to automate the updating and patching process to close vulnerabilities as quickly as possible.

If this was indeed a ransomware attack, a modernized backup system would have proved invaluable for restoring systems and data and ending the disruption to services. Backups should be encrypted and stored using a mix of on-premises, cloud-based, and air-gapped offline solutions to ensure resilience against encryption or deletion by attackers.

It seems evident that Victoria’s Secret had a well-designed incident response plan (IRP) in place. In addition to creating one, companies need to conduct live drills and tabletop exercises to ensure that their response team is prepared to respond quickly and effectively to real threats.

 
