NEW YORK (AP) — Victoria’s Secret has taken down its U.S. website and says some in-store services will also be unavailable as it addresses an unspecified “security incident.”
A message to customers remained of the popular lingerie brand’s normal shopping site Thursday, stating that the Ohio-based company had halted these operations “as a precaution.”
“Our team is working around the clock to fully restore operations,” the message read.
Victoria’s Secret did not provide many details about the “security incident,” or directly confirm whether it was a cyber or ransomware attack. When asked for further information Thursday, a spokesperson just said that the company “immediately enacted our response protocols” and has engaged with third-party experts.
Victoria’s Secret also didn’t specify when it first identified the issue and began pulling back services. Most of the retailer’s website going dark emerged Wednesday — when the company also shared an update — but some frustrated customers online said they began experiencing issues earlier in the week, as far back as Monday.
An for Victoria’s Secret notes that the company doesn’t have an estimate for when its site will be back up. Its customer care services were also offline as of Wednesday night.
The company added that it is trying to fulfill orders placed before Monday and that it would be extending return windows and some direct mail coupon offers for impacted customers in the U.S.
Victoria’s Secret said its stores, as well as its PINK brand locations, remain open for customers. But some in-store services — such as returning online orders in person — are unavailable per its customer FAQ.
It was not immediately clear if any in-store services in Victoria’s Secret locations outside the U.S. were also impacted. But the company’s U.K. site appeared uninterrupted Thursday.
Bloomberg News that Victoria’s Secret also stopped some of its office operations and that some employees were locked out of their company email accounts on Wednesday, citing an anonymous source familiar with the matter.
Shares for Victoria’s Secret tumbled about 4% as of midday Thursday.
While not confirmed by the company, the “security incident” impacting Victoria’s Secret’s operations bears all the hallmarks of a cyberattack. And it arrives as more and more companies report breaches that disrupt operations and/or expose customer data.
Last week, for example, Adidas that it had recently become aware of an “unauthorized external party” obtaining some consumer data — mostly consisting of contact information — through a third-party customer service provider. The German shoe and clothing company said it would be informing impacted customers and working with law enforcement.
And several British retailers — , and Co-op — have all shared that they’ve been targeted by cyberattacks over recent weeks. The cyberattack hitting M&S stopped it from processing online orders and left store shelves empty, with the company this will cost it 300 million pounds ($400 million).
And following any cybersecurity incident impacting a consumer-facing brand, experts warn that it’s important for shoppers to be alert. Fraudsters might promise fake promotions through phishing emails, for example, or use sensitive information that may have been compromised.
The post Victoria’s Secret US website is down as lingerie seller addresses ‘security incident’ appeared first on Associated Press.
