Victoria’s Secret temporarily shut down its US website and some in-store services this week due to a security incident, which the company has not yet fully detailed. The disruption began around Memorial Day, leading to widespread customer frustration, especially during ongoing sales.

The company confirmed it had enacted emergency response protocols and hired third-party cybersecurity experts to investigate. “We have taken down our website and some in-store services as a precaution. Our team is working around the clock to fully restore operations” the company’s notice stated.

While physical Victoria’s Secret and PINK stores remained open, certain services, like online order returns and customer support, were unavailable. Employees also faced issues, with some locked out of email accounts and office systems.

No timeline has been provided for a full recovery, but CEO Hillary Super told staff that “recovery is going to take a while.” The company has extended return windows and coupon offers for affected customers. Shares of Victoria’s Secret dropped nearly 7% following the incident.

Experts warn that this breach fits a growing pattern of cyberattacks targeting major retailers, with some suggesting the tactics used resemble those of the Scattered Spider group, which has previously targeted companies like Marks & Spencer and Harrods. Adidas and Dior have experienced similar attacks recently as well.