Victoria’s Secret delays earnings report due to security breach

Victoria’s Secret recently announced a delay in the release of its quarterly earnings due to a security breach that disrupted its operations and led to the temporary shutdown of its U.S. shopping site. The popular lingerie brand first detected the security incident involving its information technology systems on May 24 and immediately initiated response protocols to contain and eradicate unauthorized network access by engaging with cybersecurity experts.

As a precautionary measure, Victoria’s Secret made the decision to temporarily shut down its corporate systems and online retail website starting on May 26. The U.S. Victoria’s Secret website remained offline for several days, causing frustration among customers until it was finally restored late Thursday. While the company did not directly confirm it, many analysts identified the incident as a potential cyberattack involving ransomware, a common threat faced by many retailers in today’s landscape.

Aside from impacting its website, the security breach also disrupted some in-store services at Victoria’s Secret and Pink-branded locations. The company has since restored most of these functions, but it is still in the process of fully recovering access to its corporate systems. Consequently, Victoria’s Secret decided to postpone the release of its first-quarter earnings as employees are unable to access critical systems and information required to finalize the financial report.

Despite the setback caused by the breach, Victoria’s Secret shared some preliminary results for the first quarter of 2025, exceeding previously issued guidance. The company expects to report $1.35 billion in net sales and an adjusted operating income of $32 million for the quarter. These figures surpass the average sales estimate of $1.33 billion by analysts surveyed by FactSet.

Following the breach, Victoria’s Secret emphasized that the incident did not impact its first-quarter results as it occurred after the period ended. However, the company plans to assess the full scope of the breach, including any potential expenses that could affect its future finances. This security incident comes at a time when various companies are reporting cyberattacks, disrupting operations and potentially exposing customer data, particularly in the retail sector.

In recent weeks, multiple British retailers, including Marks & Spencer, Harrods, and Co-op, disclosed cyberattacks targeting their systems. The cyberattack on Marks & Spencer, for instance, caused significant disruptions, leading to the halt of online orders and substantial financial implications for the company. Similarly, sportswear giant Adidas faced a data breach where an unauthorized external party obtained consumer data, primarily comprising contact information, through a third-party customer service provider.

Experts caution consumers to remain vigilant following cybersecurity incidents that could compromise their data. Fraudsters may capitalize on the situation by launching phishing attacks or other scams, exploiting the sensitive information that may have been compromised in the breach. As companies grapple with cybersecurity challenges, maintaining robust defenses and proactive measures becomes increasingly vital to safeguarding customer information and ensuring smooth operations.