NEW YORK (AP) -- Victoria's Secret (VSCO) will postpone the launch of its quarterly earnings after a security breach of the popular lingerie brand's corporate business and resulted in its removal of its U.S. shopping site for a few days last week.
Victoria's Secret said in an update Tuesday that it first detected "security incidents involving its information technology systems" on May 24 and immediately turned to the response protocol in effect "curb and eliminate unauthorized network access," which included interactions with third-party experts.
The Ohio-based retailer added that it temporarily shut down its corporate system and its retail website on May 26 as “precautions.” Victoria's Secret website spent a few days in the United States, causing frustration among shoppers. I didn't return online until Thursday night.
Although not directly confirmed by Victoria's Secret, the incident is a sign of a cyber attack involving ransomware. Analysts point out that more retailers are facing such attacks today, pointing to the damage and length of impacting Victoria's Secret business.
Outside its website, some in-store services were also closed due to violations of Victoria's Secret Secretake and Pink Brands. But on Tuesday, the company said most features have been restored since then.
Victoria's Secret also said Tuesday it is still working to fully resume access to the company's systems, which is why it delayed its first-quarter earnings, noting that the process "blocks employees to access certain systems and information" to finalize and release financial reports.
Nevertheless, the company shared some preliminary results. Victoria's Secret expects net sales of $1.35 billion in the first quarter of 2025 and adjusted operating income of $32 million, surpassing previously released guidance. Analysts surveyed by FACTSET expect sales to average about $1.33 billion.
Victoria's Secret did not immediately share a new date for posting first-quarter earnings.
Victoria's Secret insists that last month's violations did not affect its first quarter results, as the time ended before the violation caused interruptions. But the company said it will continue to "evaluate the full scope of the incident" including expenses that could affect future finances.
As more companies report violations that disrupt operations and/or reveal customer data, especially among retailers, more and more companies are reporting “security incidents” that affect Victoria Secret.
For example, several UK retailers - Marks & Spencer, Harrods and Co-Op - all share what they have been targeted by cyber attacks in recent weeks. The cyber attack that hit M&S made it unable to process online orders and left the shelves empty, which the company estimates would cost £300 million ($400 million).
Last month, Adidas announced it had recently realized a “unauthorized external party” that has obtained some consumer data (mainly composed of contact information) through third-party customer service providers.
After any cybersecurity incident that affects consumer-facing brands, experts warn that it is important for shoppers to stay alert. Fraudsters may use news to commit fake promotions through phishing emails, or use sensitive information that may have been compromised.