ARC
Company Details
Linkedin ID:
american-red-cross
Website:
Employees number:
33,018
Number of followers:
634,703
NAICS:
8135
Industry Type:
Homepage:
redcross.org
IP Addresses:
0
Company ID:
AME_1009635
Scan Status:
In-progress
American Red Cross Company CyberSecurity Posture
redcross.org
The American Red Cross prevents and alleviates human suffering in the face of emergencies by mobilizing the power of volunteers and the generosity of donors. Each day, thousands of people – people just like you – provide compassionate care to those in need. Our network of generous donors, volunteers and employees share a mission of preventing and relieving suffering, here at home and around the world. We roll up our sleeves and donate time, money and blood. We learn or teach life-saving skills so our communities can be better prepared when the need arises. We do this every day because the Red Cross is needed - every day.
American Red Cross A.I CyberSecurity Scoring
ARC Risk Score (AI oriented)Between 750 and 799
ARC
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
ARC Global Score (TPRM)XXXX
ARC
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
ARC Company CyberSecurity News & History
Past Incidents
1
Attack Types
1
American Red Cross
Ransomware
Rankiteo Explanation
Attack threatening the organization's existence
Description: A Switzerland-based IT company that stores and manages the data related to the International Committee of the Red Cross was attacked by hackers. The malware attack exposed information of over 500,000 people to hackers. The data accessed and stolen from the database includes 60 of Red Cross and Red Crescent National Societies.
ARC Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for ARC
Incidents vs Non-profit Organizations Industry Average (This Year)
No incidents recorded for American Red Cross in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for American Red Cross in 2025.
Incident Types ARC vs Non-profit Organizations Industry Avg (This Year)
No incidents recorded for American Red Cross in 2025.
Incident History — ARC (X = Date, Y = Severity)
ARC cyber incidents detection timeline including parent company and subsidiaries
ARC Company Subsidiaries
The American Red Cross prevents and alleviates human suffering in the face of emergencies by mobilizing the power of volunteers and the generosity of donors. Each day, thousands of people – people just like you – provide compassionate care to those in need. Our network of generous donors, volunteers and employees share a mission of preventing and relieving suffering, here at home and around the world. We roll up our sleeves and donate time, money and blood. We learn or teach life-saving skills so our communities can be better prepared when the need arises. We do this every day because the Red Cross is needed - every day.
Loading...
ARC Similar Companies
Colsubsidio
Colsubsidio es una organización privada sin ánimo de lucro, que pertenece al Sistema de Protección y Seguridad Social, su evolución ha estado marcada tanto por el reconocimiento de las personas como seres integrales con necesidades dinámicas, múltiples e interdependientes, como por las transformacio
Goodwill Industries is all about people working. We are North America’s leading nonprofit provider of education, training, and career services for people with disadvantages, such as welfare dependency, homelessness, and lack of education or work experience, as well as those with physical, mental an
AIESEC
AIESEC develops leadership among youth aged 18 to 30 and contributes to strengthening the global employability market by providing an end-to-end international talent recruitment solution for Enterprises, NGOs, and Start-ups. AIESEC is the world's largest youth-run organization developing the leader
The Salvation Army is the nation's largest direct provider of social services. Annually, we help millions overcome poverty, addiction, and spiritual and economic hardships by preaching the gospel of Jesus Christ and meeting human needs in His name without discrimination in nearly every zip code.
CASA DE LA FAMILIA
Casa de la Familia (CDLF) is a 501(c)(3) non-profit organization founded in 1996 by Clinical Psychologist Dr. Ana Nogales whose vision was to create an organization dedicated to ensuring long-lasting mental health success of children, youth, and families in response to psychological trauma. We prov
Médecins Sans Frontières (MSF)
Médecins Sans Frontières (MSF) is an international, independent, medical humanitarian organisation working to provide medical assistance to people affected by conflict, epidemics, disasters, or exclusion from healthcare. Since our founding in 1971, we’ve grown to a global movement delivering human
The International Rescue Committee responds to the world’s worst humanitarian crises and help people to survive, recover, and gain control of their future. Founded in 1933 at the request of Albert Einstein, the IRC offers lifesaving care and life-changing assistance to refugees and displaced peopl
UNICEF
UNICEF works in some of the world’s toughest places, to reach the world’s most disadvantaged children. To save their lives. To defend their rights. To help them fulfill their potential. Across 190 countries and territories, we work for every child, everywhere, every day, to build a better world fo
YMCA of the USA
YMCA of the USA is the national resource office for the nation's YMCAs. Located in Chicago, IL, YMCA of the USA exists to serve YMCAs. To address the specific needs of communities, each YMCA is an independent organization, autonomous and separate from YMCA of the USA. They are required by the nation
.png)
ARC CyberSecurity News
December 05, 2025 11:49 AM
Emily Fortman Steps In as Interim Regional CEO for the American Red Cross Central & Southern Ohio Region
The American Red Cross Central & Southern Ohio Region has a new interim leader. Emily Fortman, a veteran of humanitarian and disaster...
December 03, 2025 11:13 PM
Zion Elementary District 6 schools reopen Thursday following cybersecurity incident
The district became aware of the incident on Sunday and closed all schools and offices from Monday to Wednesday after the incident was said...
December 03, 2025 02:27 PM
Security Risk Advisors names Suzanne Hall as CISO in residence to guide cyber strategy
Security Risk Advisors (SRA), vendor of cybersecurity and services, announced the appointment of Suzanne Hall as CISO in Residence.
November 25, 2025 08:00 AM
Russian hackers target US engineering firm because of work done for Ukrainian sister city
Hackers working for Russian intelligence attacked an American engineering company this fall, seemingly because that firm had worked for a...
November 20, 2025 12:30 PM
DHS OCIO Receives Patent for Innovative Cybersecurity Maturity Model
The Department of Homeland Security's Office of the Chief Information Officer (OCIO) has been awarded U.S. Patent No.
November 14, 2025 11:32 AM
The Top 100 U.S. Cybersecurity Leaders Shaping a Safer Digital Future
These Top 100 cybersecurity leaders in the U.S. are not only tackling today's threats but also anticipating the challenges of tomorrow.
November 02, 2025 07:00 AM
Gaza peace pact: Israel says ‘bodies not of hostages’ after Red Cross handover; truce deal under strain
Middle East News: Israel's military confirmed that three bodies handed over from Gaza via the Red Cross were not among the deceased hostages...
October 25, 2025 07:00 AM
National Cyber Director Outlines Vision for New Cybersecurity Strategy
National Cyber Director Sean Cairncross provided homeland security stakeholders with a preview of the Trump administration's forthcoming...
October 23, 2025 07:00 AM
U.S. Cybersecurity Progress Stalls: Solarium Commission Reports on “Unprecedented Setbacks”
Key Report Takeaways: First major reversal: Only 35% of Cyberspace Solarium Commission recommendations are now fully implemented, down from...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
ARC CyberSecurity History Information
Official Website of American Red Cross
The official website of American Red Cross is http://www.redcross.org.
American Red Cross’s AI-Generated Cybersecurity Score
According to Rankiteo, American Red Cross’s AI-generated cybersecurity score is 760, reflecting their Fair security posture.
How many security badges does American Red Cross’ have ?
According to Rankiteo, American Red Cross currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does American Red Cross have SOC 2 Type 1 certification ?
According to Rankiteo, American Red Cross is not certified under SOC 2 Type 1.
Does American Red Cross have SOC 2 Type 2 certification ?
According to Rankiteo, American Red Cross does not hold a SOC 2 Type 2 certification.
Does American Red Cross comply with GDPR ?
According to Rankiteo, American Red Cross is not listed as GDPR compliant.
Does American Red Cross have PCI DSS certification ?
According to Rankiteo, American Red Cross does not currently maintain PCI DSS compliance.
Does American Red Cross comply with HIPAA ?
According to Rankiteo, American Red Cross is not compliant with HIPAA regulations.
Does American Red Cross have ISO 27001 certification ?
According to Rankiteo,American Red Cross is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of American Red Cross
American Red Cross operates primarily in the Non-profit Organizations industry.
Number of Employees at American Red Cross
American Red Cross employs approximately 33,018 people worldwide.
Subsidiaries Owned by American Red Cross
American Red Cross presently has no subsidiaries across any sectors.
American Red Cross’s LinkedIn Followers
American Red Cross’s official LinkedIn profile has approximately 634,703 followers.
NAICS Classification of American Red Cross
American Red Cross is classified under the NAICS code 8135, which corresponds to Others.
American Red Cross’s Presence on Crunchbase
Yes, American Red Cross has an official profile on Crunchbase, which can be accessed here: https://www.crunchbase.com/organization/american-red-cross.
American Red Cross’s Presence on LinkedIn
Yes, American Red Cross maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/american-red-cross.
Cybersecurity Incidents Involving American Red Cross
As of December 12, 2025, Rankiteo reports that American Red Cross has experienced 1 cybersecurity incidents.
Number of Peer and Competitor Companies
American Red Cross has an estimated 20,977 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at American Red Cross ?
Incident Types: The types of cybersecurity incidents that have occurred include Ransomware.
Incident Details
Can you provide details on each incident ?
Title: Data Breach at Switzerland-based IT Company Managing Red Cross Data
Description: A Switzerland-based IT company that stores and manages the data related to the International Committee of the Red Cross was attacked by hackers. The malware attack exposed information of over 500,000 people to hackers. The data accessed and stolen from the database includes 60 of Red Cross and Red Crescent National Societies.
Type: Data Breach
Attack Vector: Malware
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Ransomware.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach AME15579222
Data Compromised: Personal information of over 500,000 people, Data from 60 red cross and red crescent national societies
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personal Information, Organizational Data and .
Which entities were affected by each incident ?
Incident : Data Breach AME15579222
Entity Name: Switzerland-based IT Company
Entity Type: IT Services
Industry: Information Technology
Location: Switzerland
Incident : Data Breach AME15579222
Entity Name: International Committee of the Red Cross
Entity Type: Non-profit Organization
Industry: Humanitarian Aid
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach AME15579222
Type of Data Compromised: Personal information, Organizational data
Number of Records Exposed: Over 500,000
Additional Questions
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Personal information of over 500,000 people, Data from 60 Red Cross and Red Crescent National Societies and .
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Personal information of over 500,000 people and Data from 60 Red Cross and Red Crescent National Societies.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 500.0K.
.png)
Latest Global CVEs (Not Company-Specific)
Description
LibreChat is a ChatGPT clone with additional features. In versions 0.8.0 and below, there is no handler for JSON parsing errors; SyntaxError from express.json() includes user input in the error message, which gets reflected in responses. User input (including HTML/JavaScript) can be exposed in error responses, creating an XSS risk if Content-Type isn't strictly enforced. This issue does not have a fix at the time of publication.
Risk Information
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
LibreChat is a ChatGPT clone with additional features. In versions 0.8.0 and below, when creating prompts, JSON requests are sent to define and modify the prompts via PATCH endpoint for prompt groups (/api/prompts/groups/:groupId). However, the request bodies are not sufficiently validated for proper input, enabling users to modify prompts in a way that was not intended as part of the front end system. The patchPromptGroup function passes req.body directly to updatePromptGroup() without filtering sensitive fields. This issue is fixed in version 0.8.1.
Risk Information
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
LibreChat is a ChatGPT clone with additional features. In versions 0.8.0 and below, when a user posts a question, the iconURL parameter of the POST request can be modified by an attacker. The malicious code is then stored in the chat which can then be shared to other users. When sharing chats with a potentially malicious “tracker”, resources loaded can lead to loss of privacy for users who view the chat link that is sent to them. This issue is fixed in version 0.8.1.
Risk Information
cvss4
Base: 8.6
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
MaxKB is an open-source AI assistant for enterprise. Versions 2.3.1 and below have improper file permissions which allow attackers to overwrite the built-in dynamic linker and other critical files, potentially resulting in privilege escalation. This issue is fixed in version 2.4.0.
Risk Information
cvss3
Base: 8.8
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Description
MaxKB is an open-source AI assistant for enterprise. In versions 2.3.1 and below, the tool module allows an attacker to escape the sandbox environment and escalate privileges under certain concurrent conditions. This issue is fixed in version 2.4.0.
Risk Information
cvss3
Base: 8.8
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=american-red-cross' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
