Victoria’s Secret Website Offline Amid Cybersecurity Incident

Victoria’s Secret, headquartered in Reynoldsburg, Ohio, took its U.S. website offline on Sunday, May 25, 2025, following a cybersecurity incident that also disrupted certain in-store services. The company cited a "security incident" and stated that it had engaged third-party cybersecurity experts to assist in the investigation. The exact nature of the breach has not been disclosed, but the timing—coinciding with the Memorial Day weekend—has raised concerns about potential ransomware involvement. Physical Victoria’s Secret and PINK stores remain open, and payment systems are reportedly unaffected.

The incident has led to significant operational and financial impacts. Digital sales, which accounted for approximately one-third of the company's $6 billion revenue in 2024, have been halted. Victoria’s Secret shares fell nearly 7% following the announcement. Customers have expressed frustration over the lack of communication, with many taking to social media to report issues accessing the website and app. Employees have also reported difficulties accessing work accounts, raising concerns about timely payroll processing. The company has not provided a timeline for restoring online services, and investigations are ongoing.