Data Breach Notifications

Entity Information

  • Type of Organization: Other Commercial
  • Entity Name: Victoria's Secret Stores Brand Management, LLC
  • Street Address: 3 Limited Parkway
  • City: Columbus
  • State, or Country if outside the US: Ohio
  • Zip Code: 43230

Submitted By

  • Name: Jason M. Beach
  • Title: Counsel
  • Firm name (if different than entity): Hunton Andrews Kurth LLP
  • Telephone Number: 404-888-4219
  • Email Address: jbeach@HuntonAK.com
  • Relationship to entity whose information was compromised: External counsel

Breach Information

  • Total number of persons affected (including residents): 116
  • Total number of Maine residents affected: 3
  • If the number of Maine residents exceeds 1,000, have the consumer reporting agencies been notified:
  • Date(s) Breach Occured: 04/13/2021 to 04/14/2021
  • Date Breach Discovered: 04/13/2021
  • Description of the Breach:
    • Other
    • If other, please specify: On April 13, 2021, Victoria’s Secret (“VS”) learned that an unauthorized party gained access to personal information in certain VS online accounts with associated gift card information. The access window lasted for approximately 11 hours between April 13, 2021 and April 14, 2021. VS believes that the party capitalized on a breach of another company’s system where the customer may have used the same login information. The personal information that could have been accessed was the viewable information in a customer’s VS online account, including, for example, name, email address, postal addresses (if entered), birth day and month (not year), telephone number, and any gift card number and gift card PIN linked to the online account. If the customer elected to save payment card information through their account, only the last four digits of the saved payment card would have been visible. Purchases made in VS stores are not impacted. Additionally, to the extent the customer had a VS Credit Card account, the incident did not involve access to that account. There are three Maine residents affected by this issue with an online account and associated gift card. Promptly after learning of the issue, VS took steps to secure the accounts and determine the nature of the incident. As a further precaution, VS has asked affected customers to change their current password and create a new one for their VS online account, as well as any other accounts for which they use the same or similar username and password. Although VS has no affirmative evidence that gift cards were targeted in this incident, VS is addressing gift card balance validation with its customers. Out of an abundance of caution, VS also has arranged to provide potentially affected shoppers with free identity protection service for one year. Attached for your reference is a copy of the notice being sent to the affected individuals on May 13, 2021.
  • Information Acquired - Name or other personal identifier in combination with:

Notification and Protection Services

  • Type of Notification: Electronic
  • Date(s) of consumer notification: 05/13/2021
  • Copy of notice to affected Maine residents: VS -- Template Customer Notification -- 5-13-21.pdf
  • Date of any previous (within 12 months) breach notifications:
  • Were identity theft protection services offered: Yes
  • If yes, please provide the duration, the provider of the service and a brief description of the service: Out of an abundance of caution, VS has arranged to provide potentially affected customers with free identity protection service through Experian for one year.