Victoria’s Secret Hacked: Why Your Supply Chain Is Ransomware’s New Target in 2025
- davidlevine00
- Jun 8

As a senior leader, you are acutely aware of your organization's significant investment in cybersecurity measures such as firewalls, endpoint detection, and multi-factor authentication. However, the alarming cyber incident that incapacitated Victoria’s Secret’s website in May 2025 serves as a stark reminder that no entity is immune to threats. This suspected ransomware attack, part of a troubling trend affecting the retail sector—including notable breaches at Marks & Spencer and Harrods—highlights a critical vulnerability: your supply chain. This reality should be a source of concern, as it underscores the need for vigilance and proactive measures.
Ransomware has evolved beyond merely locking systems; it now represents a calculated business strategy that exploits the weakest links in your operations. The incident involving Victoria’s Secret, which severely impacted its $2 billion online business, likely originated from a vulnerability within a third-party supplier, a tactic mirrored in the Marks & Spencer breach that incurred £300 million in losses. The UK Cyber Security Breaches Survey 2025 reveals that a mere 14% of businesses assess the cybersecurity of their immediate suppliers, creating significant exposure. Social media discussions indicate that ransomware groups like DragonForce and RansomHub are increasingly targeting unpatched systems and compromised credentials through supply chains, with a staggering 126% increase in attacks reported in the first quarter of 2025. The consequences of these attacks can be catastrophic, as hackers infiltrate vendors to steal data or encrypt systems, often employing double extortion tactics to leak sensitive information if their demands are not met. For Victoria’s Secret, this resulted in days of downtime, shaken investor confidence, and a 7% drop in stock value. For your organization, the stakes are equally high, potentially leading to millions in losses, regulatory penalties, or diminished customer trust. The uncertainty surrounding which vendor may be your weak link is palpable; without clear visibility, you are essentially risking your business's future.
The effectiveness of your cybersecurity strategy hinges on the commitment of your leadership. A recent UK survey revealed a concerning decline, with only 27% of businesses having a board member dedicated to cybersecurity, down from 38% in 2021. This lack of oversight can lead to significant vulnerabilities, particularly within supply chains, as leaders often mistakenly believe that their vendors are secure or that IT departments are managing all risks. Ransomware groups exploit this complacency, and PwC’s 2025 Global Digital Trust Insights Survey indicates that a mere 2% of executives feel their organizations have fully integrated cyber resilience. Without proper training, leaders struggle to connect technical risks with their business implications, leaving them uncertain about how to engage with vendors or prioritize cybersecurity investments. This uncertainty can lead to critical vulnerabilities—can you truly trust your supply chain? Are your defenses adequate? A single miscalculation could have devastating consequences.
We provide consulting services designed to help leaders navigate these challenges and fortify their supply chains against ransomware threats. Our supply chain risk assessments meticulously map your vendor ecosystem, pinpoint vulnerabilities, and evaluate third-party security practices to ensure that no weak link is overlooked. We also offer leadership training programs that empower C-suite executives and board members with the necessary skills to oversee cybersecurity effectively, translating risks into business language and fostering accountability across all departments. Additionally, our cyber tabletop exercises, based on insights from over 400 successful simulations, prepare your organization to respond to supply chain ransomware attacks, enhancing both confidence and resilience.
The time to act is now—don’t wait until your organization becomes the next headline. Victoria’s Secret believed they were secure, only to discover a critical gap in their supply chain. With ransomware attacks surging by 149% in the US in early 2025, your organization could be at risk. Don’t let uncertainty hold you back; collaborate with us to identify hidden risks and equip your leaders to respond decisively. Contact us today for a complimentary consultation.