The cyberattack disrupted online sales for days and sent the lingerie company’s share price lower.
Victoria’s Secret’s website remained offline on Thursday, days after the lingerie company was hit by a cyberattack that has disrupted its online sales and sent its stock price lower.
The company said that it had taken its website and some in-store services down as a precaution, with teams working around the clock to restore operations. Its physical stores remained open.
As of Thursday morning, Victoria’s Secret’s share price had fallen 8 percent since Tuesday. The company did not confirm when the security incident took place, but shoppers reported seeing effects of the outage on social media earlier this week. It was unclear who perpetrated the attack on Victoria’s Secret, which is based in Reynoldsburg, Ohio.
The cyberattack was the latest example of a high-profile digital breach at a major retailer, raising questions about companies’ preparedness and the security of customer data.
Earlier this month, Marks & Spencer, the large British retailer, was hit by a cyberattack that left the company unable to process online orders for weeks. The company told customers that some personal customer data had been taken, though not usable card or payment details or account passwords. It said there was no evidence that the data had been shared, but said it was prompting customers to change their passwords regardless.
Also in late April, Harrods, the luxury department store based in Britain, experienced brief disruptions, restricting internet access at its sites as a security measure.
Ransomware attacks, which can disrupt services in addition to stealing customer data, have increased in recent years. Organizations across sectors have been targeted, including hospitals.
Cody Barrow, the chief executive of Eclectic IQ, a cybersecurity services company, said the attack on Victoria’s Secret could underscore the vulnerability of retailers, many of whom rely on third party systems, such as payment providers.
“To me what it says is that retailers are still not segmenting systems well enough to contain incidents,” Mr. Barrow said. “Third parties are the biggest blind spot right now, especially for retailers.”