Incident Types: The types of cybersecurity incidents that have occurred include Breach and Cyber Attack.

Total Financial Loss: The total financial loss from these incidents is estimated to be $0.

Detection and Response: The company detects and responds to cybersecurity incidents through an incident response plan activated with yes, and third party assistance with yes, and containment measures with shut down corporate systems and e-commerce website, and recovery measures with restored all critical systems, and communication strategy with public disclosure, communication strategy with sec filing, and remediation measures with advised customers to change their passwords and monitor their accounts for suspicious activity, and victorias secret with yes (website shutdown, containment measures), the north face with none, cartier with none, and victorias secret with ['website shutdown', 'pause of some in-store services'], the north face with none, cartier with none, and victorias secret with ['system restoration', 'extended return/coupon windows'], the north face with none, cartier with none, and victorias secret with ['website restored by 2025-05-30', 'financial reporting delayed to 2025-06-11'], the north face with none, cartier with none, and victorias secret with ['public statement (2025-05-30)', 'faq page for customers', 'delayed earnings announcement'], the north face with ['customer email notification'], cartier with ['customer email notification']..

Common Attack Types: The most common types of attacks the company has faced is Cyber Attack.

Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Spear-phishing and Exploited VPN credentials.

Average Financial Loss: The average financial loss per incident is $0.00.

Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personal Information, , Customer data, Corporate documents, Server listings, Court filings, Victorias Secret: None, The North Face: ['Names', 'Emails'], Cartier: ['Names', 'Emails', 'Products purchased', 'Shipping addresses', 'Birth dates', 'Telephone numbers'] and .

Incident Response Plan: The company's incident response plan is described as Yes, victorias_secret: Yes (website shutdown, containment measures), .

Third-Party Assistance: The company involves third-party assistance in incident response through Yes.

Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Advised customers to change their passwords and monitor their accounts for suspicious activity, , victorias_secret: ['System restoration', 'extended return/coupon windows'], .

Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by shut down corporate systems and e-commerce website, , victorias_secret: ['website shutdown', 'pause of some in-store services'] and .

Data Recovery from Ransomware: The company recovers data encrypted by ransomware through restored all critical systems, , victorias_secret: ['Website restored by 2025-05-30', 'financial reporting delayed to 2025-06-11'], .

Key Lessons Learned: The key lessons learned from past incidents are Retailers are high-value targets for cyber attacks due to vast customer data repositories.,Third-party vendor risks (e.g., Adidas’ customer service provider breach) underscore the need for supply chain cybersecurity oversight.,Credential stuffing remains a persistent threat, emphasizing the need for multi-factor authentication (MFA) and password hygiene.,Proactive incident response plans and customer communication strategies are critical to mitigating reputational and financial damage.,Coordinated attacks on the retail sector suggest potential campaign-style threats requiring industry-wide collaboration.

Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: BleepingComputer, and Source: Victoria's Secret Breach NotificationDate Accessed: 2021-05-13, and Source: DataBreaches.net, and Source: Retail TouchPointsDate Accessed: 2025-06-13, and Source: Victoria’s Secret Corporate FAQDate Accessed: 2025-06-11, and Source: The Guardian (Marks & Spencer attack coverage), and Source: Fastly Research (Retail Cybersecurity Report).

Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Public Disclosure, Sec Filing, Victorias Secret: ['Public statement (2025-05-30)', 'FAQ page for customers', 'delayed earnings announcement'], The North Face: ['Customer email notification'] and Cartier: ['Customer email notification'].

Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: were Advised Customers To Change Their Passwords And Monitor Their Accounts For Suspicious Activity, , Victoria’S Secret Delayed Q1 2025 Earnings Announcement (2025-06-11) With Disclosure Of $20M Q2 Impact., Extended Return And Coupon Redemption Windows For Affected Customers., Victorias Secret: ['Website outage notifications (2025-05-26–29)', 'FAQ page with extended policies'], The North Face: ["Email notification to customers about 'small-scale' attack and stolen data (names/emails)"], Cartier: ['Email notification about unauthorized access and compromised PII (names, addresses, etc.)'] and .

Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Victorias Secret: ['System restoration', 'financial reporting delays', 'customer policy extensions'], The North Face: None, Cartier: None, .

Last Attacking Group: The attacking group in the last incident were an Scattered Spider, ShinyHunters and Lapsus$.

Most Recent Incident Detected: The most recent incident detected was on 2025-05-24.

Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on {'victorias_secret': '2025-05-30', 'the_north_face': '2025-06-04', 'cartier': '2025-06-04'}.

Most Recent Incident Resolved: The most recent incident resolved was on [{'victorias_secret': '2025-05-30 (website restored)', 'the_north_face': None, 'cartier': None}].

Highest Financial Loss: The highest financial loss from an incident was [{'victorias_secret': '$20 million (Q2 net sales impact)', 'the_north_face': None, 'cartier': None}].

Most Significant Data Compromised: The most significant data compromised in an incident were names, email addresses, postal addresses, birthdays (month and day), telephone numbers, linked gift card details, , Customer data, Corporate documents, Server listings, Court filings, The North Face: Customer names and emails, Cartier: Customer names, emails, products purchased, shipping addresses, birth dates, telephone numbers and .

Most Significant System Affected: The most significant system affected in an incident were corporate systemse-commerce websitesome in-store services and V, i, c, t, o, r, i, a, s, , S, e, c, r, e, t, :, , W, e, b, s, i, t, e, ,, , C, u, s, t, o, m, e, r, , C, a, r, e, , S, e, r, v, i, c, e, s, ,, , s, o, m, e, , i, n, -, s, t, o, r, e, , s, y, s, t, e, m, s, ,, T, h, e, , N, o, r, t, h, , F, a, c, e, :, , W, e, b, s, i, t, e, ,, C, a, r, t, i, e, r, :, , I, n, t, e, r, n, a, l, , s, y, s, t, e, m, s, , (, t, e, m, p, o, r, a, r, y, , a, c, c, e, s, s, ), ,, .

Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were shut down corporate systems and e-commerce website, Victorias Secret: ['Website shutdown', 'pause of some in-store services'] and .

Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Customer data, Corporate documents, Server listings, Court filings, email addresses, linked gift card details, The North Face: Customer names and emails, , birthdays (month and day), Cartier: Customer names, emails, products purchased, shipping addresses, birth dates, telephone numbers, , telephone numbers, postal addresses and names.

Most Significant Lesson Learned: The most significant lesson learned from past incidents was Coordinated attacks on the retail sector suggest potential campaign-style threats requiring industry-wide collaboration.

Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Develop and test incident response plans, including website takedown procedures and customer notification templates., Invest in adaptive security measures (e.g., behavioral WAFs, network segmentation) to detect and contain breaches early., Implement MFA and passwordless authentication to combat credential stuffing., Prioritize transparency in post-incident communications to maintain customer trust. and Conduct third-party cybersecurity audits for vendors with access to customer data..

Most Recent Source: The most recent source of information about an incident are The Guardian (Marks & Spencer attack coverage), DataBreaches.net, Victoria's Secret Breach Notification, Fastly Research (Retail Cybersecurity Report), Victoria’s Secret Corporate FAQ, BleepingComputer and Retail TouchPoints.

Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing.

Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was Victoria’s Secret delayed Q1 2025 earnings announcement (2025-06-11) with disclosure of $20M Q2 impact., Extended return and coupon redemption windows for affected customers., .

Most Recent Customer Advisory: The most recent customer advisory issued were an Advised customers to change their passwords and monitor their accounts for suspicious activity, victorias_secret: ['Website outage notifications (2025-05-26–29)', 'FAQ page with extended policies'], the_north_face: ["Email notification to customers about 'small-scale' attack and stolen data (names/emails)"], cartier: ['Email notification about unauthorized access and compromised PII (names, addresses, etc.)'] and .

Most Recent Entry Point: The most recent entry point used by an initial access broker were an Spear-phishing and Exploited VPN credentials.

Most Significant Root Cause: The most significant root cause identified in post-incident analysis was Spear-phishing, Exploited VPN credentials, Windows kernel vulnerabilities, the_north_face: Credential stuffing due to reused customer passwords from prior breaches, cartier: Unauthorized system access (method unspecified), .

Most Significant Corrective Action: The most significant corrective action taken based on post-incident analysis was victorias_secret: ['System restoration', 'financial reporting delays', 'customer policy extensions'], .