Victoria’s Secret Delays Earnings Report Following Cybersecurity Breach

Sophia Reyes · June 3, 2025 1:03 PM

Victoria’s Secret & Co. (NYSE: VSCO) has postponed the release of its quarterly earnings after experiencing a cybersecurity breach that disrupted corporate operations and led to a temporary shutdown of its U.S. e-commerce website.

In an update released Tuesday, the company disclosed that it detected a “security incident involving its information technology systems” on May 24. Victoria’s Secret said it immediately activated its response protocols, which included engaging third-party cybersecurity experts to contain and eliminate unauthorized access.

As a precaution, the Ohio-based retailer shut down key corporate systems and its online shopping platform on May 26. The U.S. website remained offline for several days, only resuming service late Thursday. The incident also affected some in-store services at both Victoria’s Secret and Pink-branded retail locations, although the company confirmed that most of those functions have since been restored.

While Victoria’s Secret did not officially confirm the nature of the breach, analysts believe it was consistent with a ransomware-style cyberattack—an increasingly common threat in the retail sector. The duration and breadth of the disruptions suggest a serious compromise of internal systems.

The company said the breach has hindered employees’ access to critical systems and data needed to complete its first-quarter financial report. As a result, the release of its Q1 2025 earnings has been delayed. A new reporting date has not yet been announced.

Despite the disruption, Victoria’s Secret shared preliminary results for the first fiscal quarter, which ended May 3—prior to the breach. The company expects net sales of approximately $1.35 billion and adjusted operating income of $32 million, outperforming prior guidance. Analysts surveyed by FactSet had projected revenue closer to $1.33 billion.

Victoria’s Secret emphasized that the cyber incident did not affect its Q1 results but acknowledged it is still assessing the full scope and financial implications of the breach, including any potential future costs.

The attack on Victoria’s Secret comes amid a wave of cybersecurity incidents targeting major retailers worldwide. In recent weeks, UK-based companies such as Marks & Spencer, Harrods, and Co-op have also reported cyberattacks, with M&S estimating a $400 million loss due to the resulting operational disruptions. Adidas also recently revealed that a third-party service provider exposed customer data to unauthorized actors.

Cybersecurity experts caution consumers to remain vigilant following such incidents. Bad actors may exploit the news by distributing phishing emails or fake promotional offers, potentially using stolen personal information to deceive customers.