American Freight Appliances & Furniture Company CyberSecurity Posture
americanfreight.com
At American Freight we offer high-quality furniture, mattresses and appliances at everyday low prices through our direct-to-consumer, warehouse-style stores and e-commerce site. With more than 5 million satisfied customers, we have built a strong legacy of helping customers save money since 1994. We have over 370 U.S. locations across 40 states, where customers can purchase new and open-box items and “take them home today.” We also provide an array of flexible financing options and extended warranties. To learn more about us and see our great products visit AmericanFreight.com.
Company Details
american-freight-furniture-and-mattress
1,601
9,212
337
americanfreight.com
0
AME_1140964
In-progress
AFAF Risk Score (AI oriented)Between 750 and 799
AFAF Global Score (TPRM)XXXX
Description: The Maine Office of the Attorney General reported on August 24, 2021, that American Freight experienced a data breach due to unauthorized access to employees’ email accounts between November 24, 2020, and December 9, 2020. This breach potentially affected 36,829 individuals and specifically compromised the personal information of 59 Maine residents, including names, Social Security numbers, financial account numbers, and payment card numbers. American Freight has offered a complimentary one-year membership in credit monitoring and identity protection services through Kroll.
No incidents recorded for American Freight Appliances & Furniture in 2025.
No incidents recorded for American Freight Appliances & Furniture in 2025.
No incidents recorded for American Freight Appliances & Furniture in 2025.
AFAF cyber incidents detection timeline including parent company and subsidiaries
At American Freight we offer high-quality furniture, mattresses and appliances at everyday low prices through our direct-to-consumer, warehouse-style stores and e-commerce site. With more than 5 million satisfied customers, we have built a strong legacy of helping customers save money since 1994. We have over 370 U.S. locations across 40 states, where customers can purchase new and open-box items and “take them home today.” We also provide an array of flexible financing options and extended warranties. To learn more about us and see our great products visit AmericanFreight.com.
Nugget is a kids furniture company with a mission of making furniture for growing imaginations. For us, furniture isn’t just something to sit on — it can be a source of creativity, exploration, and fun. Our first product, The Nugget, blends elements of toy and furniture, opening new worlds of indoo
Over our 40-year history, Nevers has established an impressive legacy of beautifully crafted commercial furniture for some of the country’s most prestigious offices. From the Pentagon and Camp David to America’s Fortune 100 and 500 companies, our fit-for-performance solutions fuel workplace producti
Founded as a result of our desire to provide access to high quality, unique home products with the extensive use of specialty materials from around the world. Shadow Mountain is a full line of imported and USA made products of unique Bedroom, Dining Room, Occasional, Upholstery, Area Rugs, Accent
Patioworld is California's leading retailer of luxury outdoor furniture by the world's top designers - including Brown Jordan, Castelle, Gloster, Kettler, Lane Venture, Les Jardins, and Tropitone. We carry a broad selection of fine outdoor furniture, tents, umbrellas, accessories, home decor, and mo
MDF Italia is a Milan-based design company. Founded by Bruno Fattorini in 1992 and now run by the Cassina family, we create and produce designer items and furnishings characterised by design challenge and essentiality of form. MDF Italia products live in the most diverse contexts, thanks to a univ
For 50 years, Falcon Products has been the go to resource for designers, architects and facility managers interested in high-quality table and seating products. Part of CFGroup’s portfolio of commercial furniture brands, Falcon Products serves a wide variety of clients, including those in the corp
.png)
Appliance and furniture chain American Freight said it will lay off 19 executives from its corporate headquarters in Delaware, Ohio, by May 1.
From Big Lots to CVS and Walgreens, these major retailers shut down locations across the capital region.
The parent company of this well-known furniture and appliance chain with 15 Michigan stores is selling off its inventory at 60 to 80 percent off.
American Freight, a national home retail store known for its everyday low prices on quality home furnishings, will open a location at 2304 North Slappey Blvd....
American Freight Group, LLC, headquartered at 109 Innovation Court, has announced a mass layoff of 62 employees, effective February 3, 2025, due to poor...
American Freight closing. Published: Nov. 26, 2024 at 2:36 PM PST. The API failed to deliver the resource.
American Freight at 5212 N. Big Hollow Road in Peoria is going out of business. Large, yellow banners hang outside of American Freight at 5212 N. Big Hollow...
The discount retailer has mattresses, sofas and kitchen appliances marked up to 40% off.
American Freight Appliances & Furniture is getting the axe - or rather, all American Freight locations across America are closing their doors.
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
The official website of American Freight Appliances & Furniture is https://www.americanfreight.com.
According to Rankiteo, American Freight Appliances & Furniture’s AI-generated cybersecurity score is 761, reflecting their Fair security posture.
According to Rankiteo, American Freight Appliances & Furniture currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
According to Rankiteo, American Freight Appliances & Furniture is not certified under SOC 2 Type 1.
According to Rankiteo, American Freight Appliances & Furniture does not hold a SOC 2 Type 2 certification.
According to Rankiteo, American Freight Appliances & Furniture is not listed as GDPR compliant.
According to Rankiteo, American Freight Appliances & Furniture does not currently maintain PCI DSS compliance.
According to Rankiteo, American Freight Appliances & Furniture is not compliant with HIPAA regulations.
According to Rankiteo,American Freight Appliances & Furniture is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
American Freight Appliances & Furniture operates primarily in the Furniture and Home Furnishings Manufacturing industry.
American Freight Appliances & Furniture employs approximately 1,601 people worldwide.
American Freight Appliances & Furniture presently has no subsidiaries across any sectors.
American Freight Appliances & Furniture’s official LinkedIn profile has approximately 9,212 followers.
American Freight Appliances & Furniture is classified under the NAICS code 337, which corresponds to Furniture and Related Product Manufacturing.
No, American Freight Appliances & Furniture does not have a profile on Crunchbase.
Yes, American Freight Appliances & Furniture maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/american-freight-furniture-and-mattress.
As of November 28, 2025, Rankiteo reports that American Freight Appliances & Furniture has experienced 1 cybersecurity incidents.
American Freight Appliances & Furniture has an estimated 2,617 peer or competitor companies worldwide.
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
Detection and Response: The company detects and responds to cybersecurity incidents through an third party assistance with kroll..
Title: American Freight Data Breach
Description: Unauthorized access to employees’ email accounts between November 24, 2020, and December 9, 2020, potentially affecting 36,829 individuals and compromising the personal information of 59 Maine residents.
Date Detected: 2021-08-24
Date Publicly Disclosed: 2021-08-24
Type: Data Breach
Attack Vector: Email Account Compromise
Common Attack Types: The most common types of attacks the company has faced is Breach.
Data Compromised: Names, Social security numbers, Financial account numbers, Payment card numbers
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Names, Social Security Numbers, Financial Account Numbers, Payment Card Numbers and .
Entity Name: American Freight
Entity Type: Company
Industry: Retail
Customers Affected: 36829
Third Party Assistance: Kroll.
Third-Party Assistance: The company involves third-party assistance in incident response through Kroll, .
Type of Data Compromised: Names, Social security numbers, Financial account numbers, Payment card numbers
Number of Records Exposed: 36829
Sensitivity of Data: High
Personally Identifiable Information: NamesSocial Security numbers
Source: Maine Office of the Attorney General
Date Accessed: 2021-08-24
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Maine Office of the Attorney GeneralDate Accessed: 2021-08-24.
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Kroll, .
Most Recent Incident Detected: The most recent incident detected was on 2021-08-24.
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2021-08-24.
Most Significant Data Compromised: The most significant data compromised in an incident were Names, Social Security numbers, Financial account numbers, Payment card numbers and .
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was kroll, .
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Payment card numbers, Names, Financial account numbers and Social Security numbers.
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 397.0.
Most Recent Source: The most recent source of information about an incident is Maine Office of the Attorney General.
.png)
ThingsBoard in versions prior to v4.2.1 allows an authenticated user to upload malicious SVG images via the "Image Gallery", leading to a Stored Cross-Site Scripting (XSS) vulnerability. The exploit can be triggered when any user accesses the public API endpoint of the malicious SVG images, or if the malicious images are embedded in an `iframe` element, during a widget creation, deployed to any page of the platform (e.g., dashboards), and accessed during normal operations. The vulnerability resides in the `ImageController`, which fails to restrict the execution of JavaScript code when an image is loaded by the user's browser. This vulnerability can lead to the execution of malicious code in the context of other users' sessions, potentially compromising their accounts and allowing unauthorized actions.
Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to to verify that the token used during the code exchange originates from the same authentication flow, which allows an authenticated user to perform account takeover via a specially crafted email address used when switching authentication methods and sending a request to the /users/login/sso/code-exchange endpoint. The vulnerability requires ExperimentalEnableAuthenticationTransfer to be enabled (default: enabled) and RequireEmailVerification to be disabled (default: disabled).
Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to sanitize team email addresses to be visible only to Team Admins, which allows any authenticated user to view team email addresses via the GET /api/v4/channels/{channel_id}/common_teams endpoint
Exposure of email service credentials to users without administrative rights in Devolutions Server.This issue affects Devolutions Server: before 2025.2.21, before 2025.3.9.
Exposure of credentials in unintended requests in Devolutions Server.This issue affects Server: through 2025.2.20, through 2025.3.8.
Get company history
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rapid