Victoria's Secret Exposed? Retailer Takes Down Website to Address ‘Security Incident’

Underwear retail giant Victoria's Secret has taken down its website to address a security incident that bears the hallmarks of a ransomware attack.

The American lingerie maker took down the site Wednesday, posting an ominous message:

Valued customer, we identified and are taking steps to address a security incident. We have taken down our website and some in store services as a precaution. Our team is working around the clock to fully restore operations. We appreciate your patience during this process. In the meantime, our Victoria’s Secret and PINK stores remain open and we look forward to serving you.

‘Third-party experts are engaged’

Responding to media inquiries, a spokesperson said, “We identified and are taking steps to address a security incident. We immediately enacted our response protocols, third-party experts are engaged, and we took down our website and some in-store services as a precaution. We are working to quickly and securely restore operations.”

The terse statement, while transparent, could hint toward a targeted hacker attack, likely involving ransomware.

Extortionists typically target large retailers to pilfer personal and financial data, then demand a hefty ransom, threatening to leak the data or sell it to fraudsters if negotiations fail.

The underwear retailer doesn’t name the culprits or say whether they’ve made any demands.

The official victoriassecret.com website displays a terse, yet transparent warning about a potentially serious breach of its IT network. The notice displays a timer (to the second) informing visitors that the retailer is actively working to address the incident.

No big ransomware gang has claimed responsibility for the breach at the time of this writing, but this may change in the coming days.

As reported by The Register, the company has declined to respond to questions about a possible ransomware infection, or whether it has called on the police to investigate.

A spokesperson did confirm to the British news outlet that its brick-and-mortar stores are open and operating as normal, indicating that the incident has at least not affected payment systems.

What to do if your data is caught in a breach

While Victoria’s Secret has yet to confirm it has suffered a data breach at the hand of extortionists, security incidents like these can end with troves of customer and company data getting leaked or sold to bidders on the Dark Web to be used in socially engineered scams, fraud, or even extortion.

In the case of a retailer like Victoria’s Secret, extortion is certainly not out of the question on the customers’ end.

Anyone affected by a data breach should consider a data monitoring service. Bitdefender Digital Identity Protection lets you know if your data has been compromised or leaked online, what risks you face, and how to protect yourself.

If you’re a Victoria’s Secret customer, past or present, watch out for unsolicited communications citing your personal data. When in doubt about a suspicious text, phone call, or social media interaction, use Scamio, our free scam-fighting bot.

Consider using a security solution on all your devices for peace of mind.

You may also want to read:

US Healthcare Giant Tells Patients to Watch Out Following Cyberattack

Phone Scammers Target Ohio Residents Following Cyberattack on Local Health System

Hackers May Have Grabbed Investor Data from VC Firm Insight Partners in Recent Breach

Nova Scotia Citizens Told to Watch Out for Scams Following Ransomware Attack on Energy Supplier