Fashion retail giant Victoria’s Secret has delayed its first quarter 2025 earnings release because of ongoing corporate system restoration efforts following a May 24 security incident.
Victoria’s Secret reported an annual revenue of $6.23 billion for the fiscal year ending February 1, 2025, and manages around 1,380 retail stores in nearly 70 countries.
In response to the late May incident, the company took down corporate systems, some in-store services, and the e-commerce website as a precaution on May 26.
A spokesperson told BleepingComputer at the time that Victoria’s Secret had hired external experts to assess the impact of the incident and that they were working to restore operations.
“The website was restored on May 29, 2025 and work is ongoing to restore full access to corporate systems. The incident also affected certain limited functions in Victoria’s Secret and PINK stores, most of which have been restored,” Victoria’s Secret revealed today in a press release.
“The restoration process has prevented employees from accessing certain systems and information needed to support the Company’s release of its financial results for the first quarter ended May 3, 2025. As a result, the Company is postponing the date of its previously announced first quarter 2025 earnings release and earnings call webcast.”
While the company has yet to reveal further details regarding the nature of the incident, today’s press release hints at a ransomware attack with restoration operations in progress.
A Victoria’s Secret spokesperson has yet to reply to a subsequent email from BleepingComputer requesting more information on the nature of the incident.
This follows a series of recent incidents targeting multiple fashion companies, including French luxury fashion brands Dior and Cartier.
German sportswear giant Adidas also revealed a data breach one week ago after threat actors stole some of its customers’ data by hacking a customer service provider.
Over the last several months, another series of attacks linked to the DragonForce ransomware operation and Scattered Spider threat actors targeted retailers across the United Kingdom, including Harrods, Co-op, and Marks & Spencer.
Manual patching is outdated. It’s slow, error-prone, and tough to scale.
Join Kandji + Tines on June 4 to see why old methods fall short. See real-world examples of how modern teams use automation to patch faster, cut risk, stay compliant, and skip the complex scripts.
