Victoria’s Secret Website Remains Offline Following Security Incident
Victoria’s Secret has confirmed that its website has been offline since Thursday morning, May 29, due to a security incident. In a statement on their site, the retailer indicated that they have temporarily disabled their online services and certain in-store capabilities as a precautionary measure.
The company assured customers that a dedicated team is working diligently to restore normal operations as swiftly as possible and expressed appreciation for the public’s understanding during this period. While the digital storefront is shut down, physical locations of both Victoria’s Secret and its subsidiary, PINK, remain operational.
Reuters reported on the evening of May 28 that the decision to take the website offline was made in light of the security concerns, although the specifics of the incident have not yet been disclosed. As cybersecurity threats continue to escalate in frequency and severity, the shutdown appears to be part of a broader trend affecting businesses across various sectors.
The surge in cybersecurity incidents, including recent breaches at high-profile companies such as Adidas, which disclosed customer contact information theft last week, highlights the urgent need for robust security measures. In a stark reminder of the potential fallout from cyberattacks, a breach last year involving cloud services from Snowflake affected more than 160 major companies, including AT&T and Ticketmaster.
Cybersecurity experts report that vulnerabilities related to third-party relationships are becoming a significant area of concern for organizations. In 2023, a troubling 15% of data breaches were linked to third-party vendors, service providers, or platforms handling sensitive customer data. This percentage has alarmingly doubled to 30%, signaling a growing reliance on external partners that can introduce substantial risk.
As detailed in a recent Verizon cybersecurity report, this interconnectedness of services raises practical concerns that can drive strategic decisions in sectors like financial services, where security is paramount. Many organizations find themselves grappling with the combination of increased third-party integrations and human error, both of which contribute to a higher likelihood of breaches.
Legal experts indicate that data breach litigation is on the rise, with the number of lawsuits climbing from 400 in 2021 to over 2,000 last year. With financial institutions being prime targets, the landscape suggests a potential surge in both the frequency and cost of breaches until organizations can effectively manage their vulnerabilities.
From a tactical standpoint, the potential adversary techniques employed in the recent incident may include initial access tactics—such as phishing or exploitation of public-facing applications—as well as persistence and privilege escalation strategies. Understanding the implications of these tactics within the MITRE ATT&CK framework is crucial for organizations aiming to strengthen their defenses.
As the fallout from recent breaches continues, businesses must remain vigilant and proactively assess their cybersecurity posture, particularly concerning vendor relationships and operational third-party dependencies. The evolving threat landscape necessitates a comprehensive approach to cybersecurity that mitigates risks associated with external collaborations.