The U.S. website of Victoria’s Secret is down after an unspecified security incident, the latest in a series of cyber incidents hitting retailers.
A status message on the Victoria’s Secret website says the company “identified and are taking steps to address a security incident. We have taken down our website and some in store services as a precaution. Our team is working around the clock to fully restore operations.”
Victoria’s Secret and PINK stores remain open, the status message reads.
It is not clear what type of security incident was involved or whether customer data was affected. In a statement to The Cyber Express, a Victoria’s Secret spokesperson said the company “immediately enacted our response protocols” and engaged “third-party experts” for assistance.
“We are working to quickly and securely restore operations,” the spokesperson added.
Victoria’s Secret Latest Retail Cyber Incident
The Victoria’s Secret website incident is the latest in a string of cyber incidents hitting retailers in recent weeks.
The cyber spree targeting retailers began in late April, when three UK retailers were hit in a matter of days. Those attacks have been attributed to the Scattered Spider threat group and reportedly involved the deployment of DragonForce ransomware.
Other recent cybersecurity incidents have affected Dior and Adidas, and Google warned in mid-May that Scattered Spider was apparently targeting U.S. retailers.
Victoria’s Secret, which has generated more than $6 billion in sales in the last year, saw its shares (NYSE:VSCO) fall more than 10% since news of the security incident broke on Wednesday. Bloomberg reported that an internal company communication said recovery from the security incident could take “awhile.”
Defending Against Scattered Spider
After the UK retail incidents, the UK’s National Cyber Security Centre issued guidance for retailers to protect their operations from cyberattacks. Those steps include:
- Using multi-factor authentication
- Monitoring for signs of account misuse, such as “risky logins” within Microsoft Entra ID Protection
- Monitoring Domain Admin, Enterprise Admin, and Cloud Admin accounts and making sure that any access is legitimate
- Review helpdesk password reset processes, including procedures for authenticating staff credentials before resetting passwords
- Making sure that security operation centers can identify suspicious logins, such as from VPN services in residential ranges
- Following tactics, techniques, and procedures sourced from threat intelligence “whilst being able to respond accordingly.”
Google has also issued recent guidance for defending against Scattered Spider attacks.
Source: Read More