Arby's
Company Details
Linkedin ID:
arby's
Website:
Employees number:
27,492
Number of followers:
64,726
NAICS:
7225
Industry Type:
Homepage:
arbys.com
IP Addresses:
0
Company ID:
ARB_7732512
Scan Status:
In-progress
Arby's Company CyberSecurity Posture
arbys.com
Arby’s, founded in 1964, is the second-largest sandwich restaurant brand in the world with more than 3,400 restaurants in seven countries. Arby’s is part of the Inspire Brands family of restaurants. For more information, visit Arbys.com and InspireBrands.com With the current growth and momentum of the brand, Arby’s is actively seeking new franchisees. To learn more about available markets and requirements, visit ArbysFranchising.com
Arby's A.I CyberSecurity Scoring
Arby's Risk Score (AI oriented)Between 750 and 799
Arby's
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
Arby's Global Score (TPRM)XXXX
Arby's
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
Arby's Company CyberSecurity News & History
Past Incidents
3
Attack Types
2
Arby's
Breach
Rankiteo Explanation
Loss of bank statements, self-assessment details, and other people's National Insurance numbers
Description: As one of the biggest fast-food sandwich companies in the US, Arby's Restaurant Group acknowledged that thieves had compromised its point-of-sale systems. When industry partners notified Arby's Restaurants of the security vulnerability, the company found out in mid-January. The corporation claims that only now, in response to a specific request from the FBI, has the card hack been made public. In order to eliminate malware, clean up its systems, and look into the credit card hack, the corporation engaged Mandiant and other security specialists.
Jimmy John's Franchises LLC
Cyber Attack
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Office of the Attorney General reported that Jimmy John’s experienced a payment card security incident affecting approximately 216 stores. Unauthorized access occurred from June 16, 2014 to September 5, 2014, compromising credit and debit card data, including card numbers and potentially cardholder names, verification codes, and expiration dates. The report was made on September 24, 2014.
SONIC Corp.
Cyber Attack
Rankiteo Explanation
Attack limited on finance or reputation
Description: On October 5, 2017, the California Office of the Attorney General reported that Sonic Drive-In experienced a malware attack that compromised credit and debit card numbers at certain locations. No specific number of individuals affected or breach date was provided, and the types of information impacted are limited to card numbers.
Arby's Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for Arby's
Incidents vs Restaurants Industry Average (This Year)
No incidents recorded for Arby's in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Arby's in 2025.
Incident Types Arby's vs Restaurants Industry Avg (This Year)
No incidents recorded for Arby's in 2025.
Incident History — Arby's (X = Date, Y = Severity)
Arby's cyber incidents detection timeline including parent company and subsidiaries
Arby's Company Subsidiaries
Arby’s, founded in 1964, is the second-largest sandwich restaurant brand in the world with more than 3,400 restaurants in seven countries. Arby’s is part of the Inspire Brands family of restaurants. For more information, visit Arbys.com and InspireBrands.com With the current growth and momentum of the brand, Arby’s is actively seeking new franchisees. To learn more about available markets and requirements, visit ArbysFranchising.com
Loading...
Arby's Similar Companies
KFC
We’re KFC. The iconic, brand making world-famous finger lickin’ good fried chicken since 1952. Our unrivaled people and culture are the true heart and soul of our brand. It’s where our people promise comes to life every day. Where our employees can be their best selves, make a difference, and have f
Subway
Subway is one of the world's largest quick service restaurant brands, serving freshly made-to-order sandwiches, wraps, salads and bowls to millions of guests, across over 100 countries in more than 37,000 restaurants every day. Subway restaurants are owned and operated by Subway franchisees – a ne
Domino's
Domino’s is a purpose-inspired, performance-driven company powered by exceptional people who are committed to feeding the power of possible—one pizza at a time. Founded in 1960 with a single store in Ypsilanti, Michigan, Domino’s has grown into one of the most recognized and leading pizza brands in
Dallas-based Brinker International, Inc. is one of the world’s leading casual dining restaurant companies. Founded in 1975, Brinker owns, operates or franchises more than 1,600 restaurants across 31 countries and two territories under the names Chili’s® Grill & Bar and Maggiano’s Little Italy®. O
McDonald's
McDonald’s is the world’s leading global foodservice retailer with over 37,000 locations in over 100 countries. More than 90% of McDonald’s restaurants worldwide are owned and operated by independent local business men and women. McDonald's & our franchisees employ 1.9 million people worldwide.
Jersey Mike's Subs
Jersey Mike’s, a fast-casual sub sandwich franchise with more than 3,000 locations open nationwide, believes that making a sub sandwich and making a difference can be one and the same. Jersey Mike’s offers A Sub Above®, serving authentic fresh sliced subs and authentic Philly cheesesteaks grilled t
ZAMP
Somos um grande ecossistema de restaurantes que reúne marcas internacionais como Burger King®, Popeyes®, Starbucks® e Subway®. E, por trás de cada receita de sucesso, estão os Zampers: gente que faz acontecer, que joga junto e que deixa sua marca todos os dias. Aqui, a gente acredita que o verdad
Jollibee Group North America
Our Jollibee Group was founded in 1975 by Tony Tan Caktiong. With the help of his wife Grace, his family, and in-laws, they started everything with a small family business selling ice cream in the streets of Manila. Three years after starting, the family saw the opportunity for hot meals. They conve
Bloomin' Brands, Inc.
Since the first Outback Steakhouse opened, our family of brands has expanded to include Carrabba's Italian Grill, Bonefish Grill, and Fleming's Prime Steakhouse & Wine Bar. Together, these unique, Founder-inspired restaurants make up Bloomin' Brands, Inc. Today, we are one of the world's largest cas
.png)
Arby's CyberSecurity News
May 09, 2024 07:00 AM
One of Arby’s Biggest Franchisees Hacked in a Ransomware Attack by Cactus
DRM, a family owned and operated company has recently been under attack from a ransomware group. With 73 restaurants potentially compromised...
October 03, 2018 07:00 AM
Burgerville Hit By Massive Cybersecurity Breach, Class-Action Lawsuit
UPDATE (Oct. 3, 5:27 p.m. PT) — Burgerville says it has discovered a "sophisticated" cybersecurity breach that may have affected customers...
August 22, 2018 07:00 AM
If you shopped at these 16 stores in the last year, your data might have been stolen
Data breaches continue to be a threat to consumers. Many companies were hacked and likely had information stolen from them since January...
August 01, 2018 07:00 AM
How Cyber Crime Group FIN7 Attacked and Stole Data from Hundreds of U.S. Companies
FIN7 members engaged in a highly sophisticated malware campaign targeting more than 100 US companies, predominantly in the restaurant, gaming, and hospitality...
October 25, 2017 07:00 AM
National Restaurant Association Attacks Cyber Threats With a New Tool
Restaurants are as vulnerable as any business when it comes to cybersecurity and data breaches. We saw that last month, when at least 5...
February 13, 2017 08:00 AM
Hackers Embarrass David Beckham, Breach Arby's and Knock Offline Dark Web Sites
Hackers stole emails and documents from the Doyen Global publicity agency, which represents the former Manchester United/Real Madrid/LA Galaxy star.
February 10, 2017 08:00 AM
Been to Arby’s Lately? Check Your Bank Statements
The fast-food chain had fallen victim to a massive credit card data breach, and now it's been hit with eight different lawsuits from banks, credit unions, and...
February 10, 2017 08:00 AM
Hackers Sink Their Teeth Into Arby’s Credit Card Data
Fast food chain Arby's confirmed that credit card data was stolen from thousands of its customers due to a data breach that took place last...
February 09, 2017 08:00 AM
Fast Food Chain Arby’s Acknowledges Breach
Arby's told KrebsOnSecurity that it recently remediated a breach involving malicious software installed on payment card systems at hundreds of its restaurant...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
Arby's CyberSecurity History Information
Official Website of Arby's
The official website of Arby's is http://www.arbys.com.
Arby's’s AI-Generated Cybersecurity Score
According to Rankiteo, Arby's’s AI-generated cybersecurity score is 779, reflecting their Fair security posture.
How many security badges does Arby's’ have ?
According to Rankiteo, Arby's currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Arby's have SOC 2 Type 1 certification ?
According to Rankiteo, Arby's is not certified under SOC 2 Type 1.
Does Arby's have SOC 2 Type 2 certification ?
According to Rankiteo, Arby's does not hold a SOC 2 Type 2 certification.
Does Arby's comply with GDPR ?
According to Rankiteo, Arby's is not listed as GDPR compliant.
Does Arby's have PCI DSS certification ?
According to Rankiteo, Arby's does not currently maintain PCI DSS compliance.
Does Arby's comply with HIPAA ?
According to Rankiteo, Arby's is not compliant with HIPAA regulations.
Does Arby's have ISO 27001 certification ?
According to Rankiteo,Arby's is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Arby's
Arby's operates primarily in the Restaurants industry.
Number of Employees at Arby's
Arby's employs approximately 27,492 people worldwide.
Subsidiaries Owned by Arby's
Arby's presently has no subsidiaries across any sectors.
Arby's’s LinkedIn Followers
Arby's’s official LinkedIn profile has approximately 64,726 followers.
NAICS Classification of Arby's
Arby's is classified under the NAICS code 7225, which corresponds to Restaurants and Other Eating Places.
Arby's’s Presence on Crunchbase
No, Arby's does not have a profile on Crunchbase.
Arby's’s Presence on LinkedIn
Yes, Arby's maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/arby's.
Cybersecurity Incidents Involving Arby's
As of November 27, 2025, Rankiteo reports that Arby's has experienced 3 cybersecurity incidents.
Number of Peer and Competitor Companies
Arby's has an estimated 4,808 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Arby's ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach and Cyber Attack.
How does Arby's detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an third party assistance with mandiant, third party assistance with other security specialists, and law enforcement notified with fbi, and containment measures with eliminate malware, containment measures with clean up systems..
Incident Details
Can you provide details on each incident ?
Title: Arby's Point-of-Sale Systems Compromised
Description: Thieves compromised the point-of-sale systems of Arby's Restaurant Group, one of the biggest fast-food sandwich companies in the US.
Date Detected: mid-January
Type: Data Breach
Attack Vector: Point-of-Sale Systems
Threat Actor: Thieves
Motivation: Financial Gain
Title: Jimmy John's Payment Card Security Incident
Description: Unauthorized access to payment card data affecting approximately 216 stores.
Date Detected: 2014-09-24
Date Publicly Disclosed: 2014-09-24
Type: Data Breach
Attack Vector: Unauthorized Access
Title: Sonic Drive-In Malware Attack
Description: On October 5, 2017, the California Office of the Attorney General reported that Sonic Drive-In experienced a malware attack that compromised credit and debit card numbers at certain locations.
Date Detected: 2017-10-05
Date Publicly Disclosed: 2017-10-05
Type: Malware Attack
Attack Vector: Malware
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Cyber Attack.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Point-of-Sale Systems.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach ARB525191123
Data Compromised: Credit card information
Systems Affected: Point-of-Sale Systems
Payment Information Risk: High
Incident : Data Breach JIM204072525
Data Compromised: Credit and debit card data, Card numbers, Cardholder names, Verification codes, Expiration dates
Payment Information Risk: High
Incident : Malware Attack SON903072625
Data Compromised: Credit and debit card numbers
Payment Information Risk: True
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Credit Card Information, , Credit And Debit Card Data, Card Numbers, Cardholder Names, Verification Codes, Expiration Dates, , Credit And Debit Card Numbers and .
Which entities were affected by each incident ?
Incident : Data Breach ARB525191123
Entity Name: Arby's Restaurant Group
Entity Type: Fast-Food Sandwich Company
Industry: Food and Beverage
Location: US
Size: Large
Incident : Data Breach JIM204072525
Entity Name: Jimmy John's
Entity Type: Restaurant Chain
Industry: Food and Beverage
Location: Multiple
Size: Approximately 216 stores
Incident : Malware Attack SON903072625
Entity Name: Sonic Drive-In
Entity Type: Restaurant Chain
Industry: Food and Beverage
Location: Certain locations
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach ARB525191123
Third Party Assistance: Mandiant, Other Security Specialists.
Law Enforcement Notified: FBI,
Containment Measures: Eliminate MalwareClean Up Systems
How does the company involve third-party assistance in incident response ?
Third-Party Assistance: The company involves third-party assistance in incident response through Mandiant, Other Security Specialists, .
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach ARB525191123
Type of Data Compromised: Credit card information
Sensitivity of Data: High
Incident : Data Breach JIM204072525
Type of Data Compromised: Credit and debit card data, Card numbers, Cardholder names, Verification codes, Expiration dates
Sensitivity of Data: High
Personally Identifiable Information: Cardholder names
Incident : Malware Attack SON903072625
Type of Data Compromised: Credit and debit card numbers
Sensitivity of Data: High
How does the company handle incidents involving personally identifiable information (PII) ?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by eliminate malware, clean up systems and .
References
Where can I find more information about each incident ?
Incident : Data Breach ARB525191123
Source: Cyber Incident Description
Incident : Data Breach JIM204072525
Source: California Office of the Attorney General
Date Accessed: 2014-09-24
Incident : Malware Attack SON903072625
Source: California Office of the Attorney General
Date Accessed: 2017-10-05
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Cyber Incident Description, and Source: California Office of the Attorney GeneralDate Accessed: 2014-09-24, and Source: California Office of the Attorney GeneralDate Accessed: 2017-10-05.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Data Breach ARB525191123
Investigation Status: Ongoing
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Data Breach ARB525191123
Entry Point: Point-of-Sale Systems
Post-Incident Analysis
What is the company's process for conducting post-incident analysis ?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Mandiant, Other Security Specialists, .
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident was an Thieves.
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on mid-January.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2017-10-05.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Credit Card Information, , Credit and debit card data, Card numbers, Cardholder names, Verification codes, Expiration dates, , Credit and debit card numbers and .
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident was Point-of-Sale Systems.
Response to the Incidents
What third-party assistance was involved in the most recent incident ?
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was mandiant, other security specialists, .
What containment measures were taken in the most recent incident ?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident was Eliminate MalwareClean Up Systems.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Verification codes, Card numbers, Expiration dates, Credit Card Information, Cardholder names, Credit and debit card data and Credit and debit card numbers.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are Cyber Incident Description and California Office of the Attorney General.
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing.
Initial Access Broker
What was the most recent entry point used by an initial access broker ?
Most Recent Entry Point: The most recent entry point used by an initial access broker was an Point-of-Sale Systems.
.png)
Latest Global CVEs (Not Company-Specific)
Description
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.
Risk Information
cvss4
Base: 7.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
- https://github.com/angular/angular/commit/0276479e7d0e280e0f8d26fa567d3b7aa97a516f
- https://github.com/angular/angular/commit/05fe6686a97fa0bcd3cf157805b3612033f975bc
- https://github.com/angular/angular/commit/3240d856d942727372a705252f7c8c115394a41e
- https://github.com/angular/angular/releases/tag/19.2.16
- https://github.com/angular/angular/releases/tag/20.3.14
- https://github.com/angular/angular/releases/tag/21.0.1
- https://github.com/angular/angular/security/advisories/GHSA-58c5-g7wp-6w37
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 6.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=arby's' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
