P2022-ND-052

Victoria's Secret Stores Brand Management

Between June 5, 2021 and June 6, 2021, the Organization learned that an unauthorized party gained access to personal information in certain online accounts. The Organization determined that the unauthorized access to the online accounts was caused by a credential stuffing bot attack. The Organization reported that the incident did not arise based on a breach of its security safeguards. It reported that the incident involved the apparent reuse of credentials (usernames and passwords) that may have been obtained in third-party hacking incidents in an attempt to access the online accounts of its users who use the same username and password on multiple websites.

File Type: pdf
Categories: 2022
Tags: Unauthorized access