Financial giant Victoria's Secret delayed the release of their earnings report due to the ongoing effects of a security breach.

In a series of cyberattacks that have shaken the retail industry, several well-known brands have been targeted in a suspected campaign led by the cybercrime group "Scattered Spider."

The first domino to fall was The North Face, who disclosed a small credential stuffing incident in April, preceding the recent spree of attacks on major retailers in the U.S. The attack led to temporary access restrictions on the website, but it was restored on May 29. However, corporate systems are still under repair.

Adam Marrè, CISO at Arctic Wolf, noted the trend of cyberattacks against retail and fashion brands as particularly alarming due to its scale, coordination, and geographical spread. This suggests a deliberate campaign, Marrè suggested.

The cybercrime group Scattered Spider, active since at least 2022, is believed to consist of young actors from the USA and UK. They employ aggressive social engineering, remote access tools, malware, and ransomware attacks, including BlackCat/ALPHV. Security researchers suspect this group is behind attacks on U.K. retailers such as Harrod's, Marks & Spencer department store chain, and Co-op.

House of Dior is currently investigating a breach that resulted in the theft of customer records. The company is still notifying customers, but financial information was not compromised.

Victoria's Secret is currently assessing the impact of the breach, with the help of its audit committee. Certain functions at Victoria's Secret and PINK retail stores were affected, but most are now operational. The company has postponed the release of its fiscal first quarter earnings report due to the cyberattack.

Adidas confirmed a breach related to the hack of a third-party customer service provider. The breach did not impact the fiscal first quarter, which ended on May 3, and results were near or exceeded the high end of the company's financial outlook.

Cartier disclosed that an unauthorized actor gained temporary access to its systems and stole some customer data. The data breach occurred on May 24, leading to the temporary shutdown of corporate systems and the website.

Mandiant researchers recently warned that the same threat actor was targeting multiple U.S. retailers, but did not name any victims. Mandiant has confirmed that hackers breached multiple U.S. retailers during the recent hacking spree, but did not disclose the names of the affected companies.

The North Face's parent company, VF Corp., disclosed the attack to the Vermont Attorney General. The breach has incurred and will continue to incur expenses that could negatively affect future financial results, including during the fiscal second quarter.

As the retail industry grapples with these attacks, it's clear that cybersecurity remains a critical concern. Brands must continue to invest in robust security measures to protect their customers and their businesses.

Financial giant Victoria's Secret delayed the release of their earnings report due to the ongoing effects of a security breach.