Latest news with #securityincident
CTV News
a day ago
- Business
- CTV News
Victoria's Secret site back online after days-long cyber incident
Victoria's Secret apparel is displayed for sale at a Victoria's Secret department store in June 2023 in Austin, Texas. Shares of Victoria's Secret fell Wednesday after the lingerie company took down its U.S. website. (via CNN Newsource) New York — The website for Victoria's Secret was back online Friday after a prolonged 'security incident' caused the lingerie company to take down the site for several days. The retailer said in an emailed statement Friday it was 'back online' and appreciated 'our customers' patience.' It did not immediately respond to CNN's request for comment about the reason for the incident. Shares of Victoria's Secret have fallen nearly 6 per cent since Monday, when the company first posted on its U.S. website that it was suffering from a prolonged security incident. Shoppers visiting the website earlier this week saw a pink screen with the company's statement rather than its usual selection of lingerie, sleepwear and other products. The retailer had 'identified' and was 'taking steps to address a security incident,' according to a statement posted to its website earlier this week. 'We have taken down our website and some in store services as a precaution.' It's rare for a company of Victoria Secret's size to have such a lengthy site-wide outage. While its physical retail stores remain open, revenue from online shopping is critical for Victoria's Secret. The brand generated US$2 billion in net sales from direct channels that include online shopping in 2024, or roughly a third of its annual sales. Hackers are getting increasingly sophisticated thanks to artificial intelligence, Richard Blech, CEO of AI security firm XSOC Corp., told to CNN. And many retailers may not be prepared for such attacks since they usually outsource cybersecurity to third-party organizations managing multiple accounts, he said. 'Hackers are ahead of the game and well-resourced,' Blech said. 'It's a critical failure in digital trust.' In a statement to CNN Wednesday, Victoria's Secret said that it 'immediately enacted our response protocols' and that 'third-party experts are engaged.' Attacking unprepared retailers seems to be a new trend for sophisticated hackers, according to Blech. CNN reported that U.S. retail companies were targeted by hackers associated with a notorious cybercriminal group this month, prompting FBI intelligence briefings. The group was suspected of hacking UK-based Marks & Spencer, which severely hindered the company's online presence and will cost the retailer 300 million pounds in lost operating profits and disruptions until July, Reuters reported. Blech said the intensity of Victoria's Secret hack could follow a similar trajectory. CNN has asked the company for more detail. A report from Bloomberg and posts on social media indicate the outage has been going on since at least Monday. Last year, Victoria's Secret nabbed Hillary Super as its CEO as the company struggled to maintain demand. Super was previously CEO of Rihanna's Savage X Fenty, the buzzy, digital-first lingerie venture that gave Victoria's Secret fresh competition. Article by Ramishah Maruf. CNN's Sean Lyngaas contributed to this story.
Daily Mail
2 days ago
- Business
- Daily Mail
Victoria's Secret takes down website after cyber attack
Global retail giant Victoria's Secret shut down its website and paused all online orders after the company was hit by a crippling cyber attack. The popular lingerie company posted a message warning of a 'security incident' on its website Wednesday with no links or other functionalities available. 'Valued customer, we identified and are taking steps to address a security incident. We have taken down our website and some in-store services as a precaution,' the retailer said. 'Our team is working around the clock to fully restore operations. We appreciate your patience during this process. In the meantime, our Victoria's Secret and PINK stores remain open and we look forward to serving you.' Because of the glitch, the Ohio-based company has informed its corporate employees not to come into work Tuesday or Wednesday until the issue is resolved. They are also not allowed to log into their accounts. While the company's website remains down, physical Victoria's Secret stores remain open, but some functionalities are not working correctly. Stores have not been able to process gift cards, rewards, online orders, returns or store credit cards because of the complication. One staff member, who chose to remain anonymous, told WSYX she and her coworkers fear they won't get paid while the issue continues. 'We're concerned if we're gonna get paid for these days off and if we're even gonna get our paycheck on Friday,' she said. It remains unknown when the issue will be resolved and when corporate employees can return to work. A spokesperson with the company said they hired third-party experts to try and fix the problem, but did not comment further about the specifics of the cyber security attack, NBC News reported. The company operates about 1,350 stores across 70 countries. It's shares closed down about seven percent at $20.99 Wednesday, according to Reuters. contacted Victoria's Secret for comment. News of the attack comes just days after another famed global brand was breached. Adidas confirmed the German sportswear company was hit by a cyber attack Friday. Officials said the cyber criminals were able to steal 'certain consumer data' through a 'third-party customer service provider.' Thankfully, the affected data did not contain passwords, credit card, or any other payment-related information, the brand confirmed. Instead, it mainly consisted of contact information relating to customers who had contacted Adidas' customer service help desk in the past. After becoming aware of the incident last week, Adidas said it 'immediately took steps to contain the incident.' 'We immediately took steps to contain the incident and launched a comprehensive investigation, collaborating with leading information security experts,' it explained on its website. It explained that any customers who have potentially been affected have been contacted. 'Adidas is in the process of informing potentially affected consumers as well as appropriate data protection and law enforcement authorities consistent with applicable law,' it explained.
Daily Mail
2 days ago
- Business
- Daily Mail
Global retail giant removes website and pauses all online orders after crippling cyber attack
Global retail giant Victoria's Secret shut down its website and paused all online orders after the company was hit by a crippling cyber attack. The popular lingerie company posted a message warning of a 'security incident' on its website Wednesday with no links or other functionalities available. 'Valued customer, we identified and are taking steps to address a security incident. We have taken down our website and some in-store services as a precaution,' the retailer said. 'Our team is working around the clock to fully restore operations. We appreciate your patience during this process. In the meantime, our Victoria's Secret and PINK stores remain open and we look forward to serving you.' Because of the glitch, the Ohio-based company has informed its corporate employees not to come into work Tuesday or Wednesday until the issue is resolved. They are also not allowed to log into their accounts. While the company's website remains down, physical Victoria's Secret stores remain open, but some functionalities are not working correctly. Stores have not been able to process gift cards, rewards, online orders, returns or store credit cards because of the complication. One staff member, who chose to remain anonymous, told WSYX she and her coworkers fear they won't get paid while the issue continues. Global retail giant Victoria's Secret shut down its website and paused all online orders after the company was hit by a crippling cyber attack 'We're concerned if we're gonna get paid for these days off and if we're even gonna get our paycheck on Friday,' she said. It remains unknown when the issue will be resolved and when corporate employees can return to work. A spokesperson with the company said they hired third-party experts to try and fix the problem, but did not comment further about the specifics of the cyber security attack, NBC News reported. The company operates about 1,350 stores across 70 countries. It's shares closed down about seven percent at $20.99 Wednesday, according to Reuters. contacted Victoria's Secret for comment. News of the attack comes just days after another famed global brand was breached. Adidas confirmed the German sportswear company was hit by a cyber attack Friday. Officials said the cyber criminals were able to steal 'certain consumer data' through a 'third-party customer service provider.' Thankfully, the affected data did not contain passwords, credit card, or any other payment-related information, the brand confirmed. Instead, it mainly consisted of contact information relating to customers who had contacted Adidas' customer service help desk in the past. After becoming aware of the incident last week, Adidas said it 'immediately took steps to contain the incident.' 'We immediately took steps to contain the incident and launched a comprehensive investigation, collaborating with leading information security experts,' it explained on its website. It explained that any customers who have potentially been affected have been contacted. 'Adidas is in the process of informing potentially affected consumers as well as appropriate data protection and law enforcement authorities consistent with applicable law,' it explained. 'We remain fully committed to protecting the privacy and security of our consumers, and sincerely regret any inconvenience or concern caused by this incident.' Two other retailers, Marks & Spencer's and Co-op, were both targeted in major cyber attacks earlier this month. The British-based companies stopped taking orders online for weeks due to the issue.
CBS News
2 days ago
- Business
- CBS News
Victoria's Secret takes down U.S. website after "security incident"
Victoria's Secret has taken down its U.S. website and says some in-store services will also be unavailable as it addresses an unspecified "security incident." A message to customers remained in place of the popular lingerie brand's normal shopping site Thursday, stating that the Ohio-based company had halted these operations "as a precaution." "Our team is working around the clock to fully restore operations," the message read. "We appreciate your patience during this process." Victoria's Secret did not provide many details about the security incident, or directly confirm whether it was a cyber or ransomware attack. "We identified and are taking steps to address a security incident," a Victoria's Secret spokesperson said in a statement to CBS News. "We immediately enacted our response protocols, third-party experts are engaged, and we took down our website and some in store services as a precaution. We are working to quickly and securely restore operations." Victoria's Secret also didn't specify when it first identified the issue and began pulling back services. Most media reports of the retailer's website going dark emerged Wednesday - when the company also shared an update on social media - but some frustrated customers online said they began experiencing issues earlier in the week, as far back as Monday. An FAQ on the corporate site for Victoria's Secret notes that the company doesn't have an estimate for when its site will be back up. Its customer care services were also offline as of Wednesday night. The company added that it is trying to fulfill orders placed before Monday and that it would be extending return windows and some direct mail coupon offers for impacted customers in the U.S. Victoria's Secret said its stores, as well as its PINK brand locations, remain open for customers. But some in-store services - such as returning online orders in person - are unavailable per its customer FAQ. It was not immediately clear if any in-store services in Victoria's Secret locations outside the U.S. were also impacted. But the company's U.K. site appeared uninterrupted Thursday. Bloomberg News reported that Victoria's Secret also stopped some of its office operations and that some employees were locked out of their company email accounts on Wednesday, citing an anonymous source familiar with the matter. Shares for Victoria's Secret tumbled about 4% as of midday Thursday. While not confirmed by the company, the "security incident" impacting Victoria's Secret's operations bears all the hallmarks of a cyberattack. And it arrives as more and more companies report breaches that disrupt operations and/or expose customer data. Last week, for example, Adidas announced that it had recently become aware of an "unauthorized external party" obtaining some consumer data - mostly consisting of contact information - through a third-party customer service provider. The German shoe and clothing company said it would be informing impacted customers and working with law enforcement. And several British retailers - Marks & Spencer, Harrods and Co-op - have all shared that they've been targeted by cyberattacks over recent weeks. The cyberattack hitting M&S stopped it from processing online orders and left store shelves empty, with the company estimating that this will cost it 300 million pounds ($400 million). And following any cybersecurity incident impacting a consumer-facing brand, experts warn that it's important for shoppers to be alert. Fraudsters might promise fake promotions through phishing emails, for example, or use sensitive information that may have been compromised.
Entrepreneur
2 days ago
- Business
- Entrepreneur
Is Victoria's Secret Down? Security Incident Closes Website
The retailer's website is completely dark (well, more like a shade of pink) with online operations in the U.S. shuttered. Victoria's Secret is still completely offline on Thursday, with the website showing only a shade of pink with a text statement. "Valued customer, we identified and are taking steps to address a security incident," the copy reads. "We have taken down our website and some [in-store] services as a precaution. Our team is working around the clock to fully restore operations." Related: Instagram's CEO Says He 'Experienced a Sophisticated Phishing Attack' This Week On Wednesday, Victoria's Secret confirmed that a breach had occurred but did not disclose more information. CNN notes that it is rare for a company of this size to have its website go fully down. The "security incident" also reportedly affected internal operations. Bloomberg reports that some employees were locked out of their emails. Screenshot of Victoria's Secret website at press time According to a note seen by Bloomberg, Victoria's Secret CEO Hillary Super told employees: "Recovery is going to take a while." The company notes on its website that its stores are still open, despite the interruptions. "We appreciate your patience during this process," the statement continues. "In the meantime, our Victoria's Secret and PINK stores remain open, and we look forward to serving you." This is a breaking news story and will be updated.
