AUC
Company Details
Linkedin ID:
acme-united-corporation
Website:
Employees number:
269
Number of followers:
3,078
NAICS:
None
Industry Type:
Homepage:
acmeunited.com
IP Addresses:
0
Company ID:
ACM_2787365
Scan Status:
In-progress
Acme United Corporation Company CyberSecurity Posture
acmeunited.com
Acme United Corporation For over 150 years, Acme United Corporation, has been a leading worldwide supplier of innovative cutting, measuring, first aid and sharpening products to the school, home, office, hardware, sporting goods and industrial markets with operations in the United States, Canada, Europe (located in Germany) and Asia (located in Hong Kong and China).
Acme United Corporation A.I CyberSecurity Scoring
AUC Risk Score (AI oriented)Between 700 and 749
AUC
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
AUC Global Score (TPRM)XXXX
AUC
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
AUC Company CyberSecurity News & History
Past Incidents
1
Attack Types
1
Acme Corporation
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Acme Corporation recently discovered that an Initial Access Broker (IAB) had quietly penetrated its perimeter via an unpatched VPN endpoint. Over a 21-day reconnaissance period, the broker established multiple backdoors and mapped high-value targets, including databases containing customer profiles, payment records and proprietary designs. Detailed network diagrams and access credentials were packaged and sold on dark-web forums for $75,000. Shortly after the sale, a ransomware gang deployed encryption payloads across Acme’s critical file shares and simultaneously exfiltrated terabytes of customer data. Operations ground to a halt as production servers and order-fulfillment systems were locked, leading to a multi-day outage. The gang also published sensitive customer records and forced Acme to engage a third-party negotiator, ultimately paying a ransom to curb further leaks. The incident devastated customer trust and triggered regulatory investigations under data-protection laws. Post-incident analysis revealed that a combination of outdated remote-access software, insufficient network segmentation and a lack of advanced threat hunting enabled the broker’s long-term persistence. Acme has since overhauled its patch management, deployed real-time endpoint monitoring and tightened remote access policies, but the financial and reputational damage is still being calculated.
AUC Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for AUC
Incidents vs Consumer Goods Industry Average (This Year)
No incidents recorded for Acme United Corporation in 2026.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Acme United Corporation in 2026.
Incident Types AUC vs Consumer Goods Industry Avg (This Year)
No incidents recorded for Acme United Corporation in 2026.
Incident History — AUC (X = Date, Y = Severity)
AUC cyber incidents detection timeline including parent company and subsidiaries
AUC Company Subsidiaries
Acme United Corporation For over 150 years, Acme United Corporation, has been a leading worldwide supplier of innovative cutting, measuring, first aid and sharpening products to the school, home, office, hardware, sporting goods and industrial markets with operations in the United States, Canada, Europe (located in Germany) and Asia (located in Hong Kong and China).
Loading...
AUC Similar Companies
Culligan International
There’s nothing more fundamental to life on Earth than water. That’s why Culligan believes if we can transform water, we can transform the world. With better science and better service, we change what’s possible for more people. Better drinking water for more neighborhoods and families. More s
Orang Tua Group
Selama lebih dari setengah abad, kami telah mengolah bahan-bahan dari sumber alam menjadi produk-produk berkualitas pilihan konsumen. Berawal dari produk minuman kesehatan dgn ramuan alamiah yg diolah secara tradisional, produk-produk kami berkembang semakin modern, canggih, praktis, & efisien sesua
.png)
AUC CyberSecurity News
December 16, 2025 08:00 AM
Safety gear supplier Acme United will pay cash to shareholders
Acme United Corporation (NYSE American: ACU) declared a cash dividend of $0.16 per share. The dividend is payable on January 27,...
July 30, 2025 07:00 AM
Acme United’s Westcott® Brand Launches First Ever National Scissors Day™ on August 1, 2025
SHELTON, Conn., July 30, 2025 (GLOBE NEWSWIRE) -- Acme United Corporation (NYSE American: ACU), a global leader in cutting tools,...
July 23, 2025 07:00 AM
Acme United Reports Record Net Income for Second Quarter of 2025
SHELTON, Conn., July 23, 2025 (GLOBE NEWSWIRE) -- Acme United Corporation (NYSE American: ACU) today announced that net sales for the...
July 15, 2025 07:00 AM
Acme United Acquires Manufacturing and Distribution Facility in Tennessee
Acme United Corporation (NYSE American: ACU) announces the purchase of a manufacturing and distribution center in Mt. Pleasant,...
September 04, 2024 07:00 AM
BC3 Technologies Partners with First Aid Only to Distribute its SEAL Hemostatic Wound Spray
Over 1,000 Suppliers Will Distribute Only Aerosolized Chitosan for Managing Bleeding. BC3 Technologies, a privately held medical device...
March 17, 2022 08:47 PM
PhysiciansCare Brand Over-The-Counter Drugs Recalled Over Child-Resistant Packaging Concerns
Acme United Corporation has initiated a recall for around 165000 of its PhysiciansCare brand over-the-counter drugs after discovering their packaging did...
February 03, 2016 08:00 AM
Acme United Acquires Diamond Machining Technology
Acme United Corporation has acquired the assets of Vogel Capital, Inc. – which does business as Diamond Machining Technology (DMT) – for $7.0 million in cash.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
AUC CyberSecurity History Information
Official Website of Acme United Corporation
The official website of Acme United Corporation is http://www.acmeunited.com.
Acme United Corporation’s AI-Generated Cybersecurity Score
According to Rankiteo, Acme United Corporation’s AI-generated cybersecurity score is 707, reflecting their Moderate security posture.
How many security badges does Acme United Corporation’ have ?
According to Rankiteo, Acme United Corporation currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Has Acme United Corporation been affected by any supply chain cyber incidents ?
According to Rankiteo, Acme United Corporation has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.
Does Acme United Corporation have SOC 2 Type 1 certification ?
According to Rankiteo, Acme United Corporation is not certified under SOC 2 Type 1.
Does Acme United Corporation have SOC 2 Type 2 certification ?
According to Rankiteo, Acme United Corporation does not hold a SOC 2 Type 2 certification.
Does Acme United Corporation comply with GDPR ?
According to Rankiteo, Acme United Corporation is not listed as GDPR compliant.
Does Acme United Corporation have PCI DSS certification ?
According to Rankiteo, Acme United Corporation does not currently maintain PCI DSS compliance.
Does Acme United Corporation comply with HIPAA ?
According to Rankiteo, Acme United Corporation is not compliant with HIPAA regulations.
Does Acme United Corporation have ISO 27001 certification ?
According to Rankiteo,Acme United Corporation is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Acme United Corporation
Acme United Corporation operates primarily in the Consumer Goods industry.
Number of Employees at Acme United Corporation
Acme United Corporation employs approximately 269 people worldwide.
Subsidiaries Owned by Acme United Corporation
Acme United Corporation presently has no subsidiaries across any sectors.
Acme United Corporation’s LinkedIn Followers
Acme United Corporation’s official LinkedIn profile has approximately 3,078 followers.
NAICS Classification of Acme United Corporation
Acme United Corporation is classified under the NAICS code None, which corresponds to Others.
Acme United Corporation’s Presence on Crunchbase
No, Acme United Corporation does not have a profile on Crunchbase.
Acme United Corporation’s Presence on LinkedIn
Yes, Acme United Corporation maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/acme-united-corporation.
Cybersecurity Incidents Involving Acme United Corporation
As of January 23, 2026, Rankiteo reports that Acme United Corporation has experienced 1 cybersecurity incidents.
Number of Peer and Competitor Companies
Acme United Corporation has an estimated 1,637 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Acme United Corporation ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
How does Acme United Corporation detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an third party assistance with third-party negotiator, and remediation measures with overhauled patch management, remediation measures with deployed real-time endpoint monitoring, remediation measures with tightened remote access policies..
Incident Details
Can you provide details on each incident ?
Title: Acme Corporation Ransomware Attack
Description: Acme Corporation recently discovered that an Initial Access Broker (IAB) had quietly penetrated its perimeter via an unpatched VPN endpoint. Over a 21-day reconnaissance period, the broker established multiple backdoors and mapped high-value targets, including databases containing customer profiles, payment records and proprietary designs. Detailed network diagrams and access credentials were packaged and sold on dark-web forums for $75,000. Shortly after the sale, a ransomware gang deployed encryption payloads across Acme’s critical file shares and simultaneously exfiltrated terabytes of customer data. Operations ground to a halt as production servers and order-fulfillment systems were locked, leading to a multi-day outage. The gang also published sensitive customer records and forced Acme to engage a third-party negotiator, ultimately paying a ransom to curb further leaks. The incident devastated customer trust and triggered regulatory investigations under data-protection laws. Post-incident analysis revealed that a combination of outdated remote-access software, insufficient network segmentation and a lack of advanced threat hunting enabled the broker’s long-term persistence. Acme has since overhauled its patch management, deployed real-time endpoint monitoring and tightened remote access policies, but the financial and reputational damage is still being calculated.
Type: Ransomware Attack
Attack Vector: Unpatched VPN endpoint
Vulnerability Exploited: Unpatched VPN endpoint
Threat Actor: Initial Access Broker (IAB) and Ransomware Gang
Motivation: Financial Gain
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Unpatched VPN endpoint.
Impact of the Incidents
What was the impact of each incident ?
Incident : Ransomware Attack ACM521050725
Data Compromised: Customer profiles, Payment records, Proprietary designs
Systems Affected: critical file sharesproduction serversorder-fulfillment systems
Downtime: Multi-day outage
Operational Impact: Operations ground to a halt
Brand Reputation Impact: Devastated customer trust
Legal Liabilities: Triggered regulatory investigations under data-protection laws
Payment Information Risk: Payment records
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Customer Profiles, Payment Records, Proprietary Designs and .
Which entities were affected by each incident ?
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Ransomware Attack ACM521050725
Third Party Assistance: Third-party negotiator
Remediation Measures: Overhauled patch managementDeployed real-time endpoint monitoringTightened remote access policies
How does the company involve third-party assistance in incident response ?
Third-Party Assistance: The company involves third-party assistance in incident response through Third-party negotiator.
Data Breach Information
What type of data was compromised in each breach ?
Incident : Ransomware Attack ACM521050725
Type of Data Compromised: Customer profiles, Payment records, Proprietary designs
Sensitivity of Data: High
Data Exfiltration: Terabytes of customer data
Personally Identifiable Information: Customer profiles
What measures does the company take to prevent data exfiltration ?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Overhauled patch management, Deployed real-time endpoint monitoring, Tightened remote access policies, .
Ransomware Information
Was ransomware involved in any of the incidents ?
Incident : Ransomware Attack ACM521050725
Data Encryption: Encryption payloads deployed across critical file shares
Data Exfiltration: Terabytes of customer data
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : Ransomware Attack ACM521050725
Regulations Violated: Data-protection laws
Lessons Learned and Recommendations
What lessons were learned from each incident ?
Incident : Ransomware Attack ACM521050725
Lessons Learned: Outdated remote-access software, insufficient network segmentation and a lack of advanced threat hunting enabled the broker’s long-term persistence.
What are the key lessons learned from past incidents ?
Key Lessons Learned: The key lessons learned from past incidents are Outdated remote-access software, insufficient network segmentation and a lack of advanced threat hunting enabled the broker’s long-term persistence.
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Ransomware Attack ACM521050725
Entry Point: Unpatched VPN endpoint
Reconnaissance Period: 21 days
Backdoors Established: Multiple
High Value Targets: Customer Profiles, Payment Records, Proprietary Designs,
Data Sold on Dark Web: Customer Profiles, Payment Records, Proprietary Designs,
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Ransomware Attack ACM521050725
Root Causes: Outdated Remote-Access Software, Insufficient Network Segmentation, Lack Of Advanced Threat Hunting,
Corrective Actions: Overhauled Patch Management, Deployed Real-Time Endpoint Monitoring, Tightened Remote Access Policies,
What is the company's process for conducting post-incident analysis ?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Third-party negotiator.
What corrective actions has the company taken based on post-incident analysis ?
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Overhauled Patch Management, Deployed Real-Time Endpoint Monitoring, Tightened Remote Access Policies, .
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident was an Initial Access Broker (IAB) and Ransomware Gang.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were customer profiles, payment records, proprietary designs and .
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident was critical file sharesproduction serversorder-fulfillment systems.
Response to the Incidents
What third-party assistance was involved in the most recent incident ?
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was Third-party negotiator.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were payment records, proprietary designs and customer profiles.
Lessons Learned and Recommendations
What was the most significant lesson learned from past incidents ?
Most Significant Lesson Learned: The most significant lesson learned from past incidents was Outdated remote-access software, insufficient network segmentation and a lack of advanced threat hunting enabled the broker’s long-term persistence.
Initial Access Broker
What was the most recent entry point used by an initial access broker ?
Most Recent Entry Point: The most recent entry point used by an initial access broker was an Unpatched VPN endpoint.
What was the most recent reconnaissance period for an incident ?
Most Recent Reconnaissance Period: The most recent reconnaissance period for an incident was 21 days.
.png)
Latest Global CVEs (Not Company-Specific)
Description
Improper validation of specified type of input in M365 Copilot allows an unauthorized attacker to disclose information over a network.
Risk Information
cvss3
Base: 9.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
Description
Improper access control in Azure Front Door (AFD) allows an unauthorized attacker to elevate privileges over a network.
Risk Information
cvss3
Base: 9.8
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Description
Azure Entra ID Elevation of Privilege Vulnerability
Risk Information
cvss3
Base: 9.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
Description
Moonraker is a Python web server providing API access to Klipper 3D printing firmware. In versions 0.9.3 and below, instances configured with the "ldap" component enabled are vulnerable to LDAP search filter injection techniques via the login endpoint. The 401 error response message can be used to determine whether or not a search was successful, allowing for brute force methods to discover LDAP entries on the server such as user IDs and user attributes. This issue has been fixed in version 0.10.0.
Risk Information
cvss4
Base: 2.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Runtipi is a Docker-based, personal homeserver orchestrator that facilitates multiple services on a single server. Versions 3.7.0 and above allow an authenticated user to execute arbitrary system commands on the host server by injecting shell metacharacters into backup filenames. The BackupManager fails to sanitize the filenames of uploaded backups. The system persists user-uploaded files directly to the host filesystem using the raw originalname provided in the request. This allows an attacker to stage a file containing shell metacharacters (e.g., $(id).tar.gz) at a predictable path, which is later referenced during the restore process. The successful storage of the file is what allows the subsequent restore command to reference and execute it. This issue has been fixed in version 4.7.0.
Risk Information
cvss3
Base: 8.0
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=acme-united-corporation' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
