AS Watson
Company Details
Linkedin ID:
aswatson
Website:
Employees number:
16,357
Number of followers:
96,946
NAICS:
43
Industry Type:
Homepage:
aswatsoncareers.com
IP Addresses:
0
Company ID:
AS _1519756
Scan Status:
In-progress
AS Watson Company CyberSecurity Posture
aswatsoncareers.com
AS Watson Group, the world’s largest international health and beauty retailer, is operating over 17,000 stores under 12 retail brands in 31 markets, with over 130,000 employees worldwide. For the fiscal year 2024, AS Watson Group recorded revenue of over US$24 billion. Every year, we are serving over 6 billion shoppers via our O+O (Offline plus Online) technology-enabled platforms. Together with our 12 retail brands including Watsons, Kruidvat, Trekpleister, Superdrug, Savers, Rossmann, Drogas, ICI PARIS XL, The Perfume Shop, PARKnSHOP, FORTRESS and Watson’s Wine, we set O+O (Offline Plus Online) as the new standard for retail. O+O is more about creating an integrated offline and online experience to better serve customers’ needs through digital transformation, that enables them to shop across any channel, anytime, anywhere. Every day, we work towards a clear purpose: To put a Smile on our customers’ faces today and tomorrow. Our success depends on our people staying ahead of the game. We believe that our attitude to teamwork and our encouragement for your personal growth comes shining through everything we do. We also know that our success as an employer isn’t just about influencing you on why you should join our business. It’s about asking you to imagine where it could take you.
AS Watson A.I CyberSecurity Scoring
AS Watson Risk Score (AI oriented)Between 750 and 799
AS Watson
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
AS Watson Global Score (TPRM)XXXX
AS Watson
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
AS Watson Company CyberSecurity News & History
Past Incidents
1
Attack Types
1
Superdrug
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: Superdrug experienced a data breach affecting 20,000 individuals. They were contacted by hackers who claimed to have a number of our customer’s online shopping information. There is no evidence that Superdrug systems have been compromised. The criminals had got customers’ email addresses and passwords from other websites . They then used those credentials to access accounts on Superdrug's website. The types of personal information stolen were Names, Addresses, Dates of birth, Phone numbers, Point balances, Password advice.
AS Watson Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for AS Watson
Incidents vs Retail Industry Average (This Year)
No incidents recorded for AS Watson in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for AS Watson in 2025.
Incident Types AS Watson vs Retail Industry Avg (This Year)
No incidents recorded for AS Watson in 2025.
Incident History — AS Watson (X = Date, Y = Severity)
AS Watson cyber incidents detection timeline including parent company and subsidiaries
AS Watson Company Subsidiaries
AS Watson Group, the world’s largest international health and beauty retailer, is operating over 17,000 stores under 12 retail brands in 31 markets, with over 130,000 employees worldwide. For the fiscal year 2024, AS Watson Group recorded revenue of over US$24 billion. Every year, we are serving over 6 billion shoppers via our O+O (Offline plus Online) technology-enabled platforms. Together with our 12 retail brands including Watsons, Kruidvat, Trekpleister, Superdrug, Savers, Rossmann, Drogas, ICI PARIS XL, The Perfume Shop, PARKnSHOP, FORTRESS and Watson’s Wine, we set O+O (Offline Plus Online) as the new standard for retail. O+O is more about creating an integrated offline and online experience to better serve customers’ needs through digital transformation, that enables them to shop across any channel, anytime, anywhere. Every day, we work towards a clear purpose: To put a Smile on our customers’ faces today and tomorrow. Our success depends on our people staying ahead of the game. We believe that our attitude to teamwork and our encouragement for your personal growth comes shining through everything we do. We also know that our success as an employer isn’t just about influencing you on why you should join our business. It’s about asking you to imagine where it could take you.
Loading...
AS Watson Similar Companies
Ahold Delhaize
Ahold Delhaize is one of the world’s largest food retail groups, we are a leader in supermarkets and e-commerce, and a company at the forefront of sustainable retailing. Our local brands employ around 393,000 associates in around 9,400 local grocery, small format, and specialty stores. Our family
Post Office Ltd
We’ve come a long way since it all started over 380 years ago. We’ve built up a network of 11,500 branches across the country. To give you a sense of how big that is, we’ve got more branches than the four biggest banks in the UK put together. Or put simply, we’re the largest retail network in the
ALDI Nord Group
Welcome to the ALDI Nord Group! The ALDI Nord Group is one of the leading international retail enterprises. With a tradition stretching back over 110 years, the ALDI brand is synonymous with the invention of discount retail. ALDI Nord focuses on the essentials and reliably offers its customers in
Lidl in Germany
Anpacker. Durchstarter. Möglichmacher. Alle reden vom Kundenfokus, Customer first, dem Kunden als König. Wir finden, das ist zu kurz gedacht und würden es so formulieren: Der Mensch ist Dreh- und Angelpunkt unseres Erfolgs. Dazu gehört neben einer Kunden- auch die Mitarbeiterfokussierung. Und genau
Avolta
Avolta AG, (SIX: AVOL) is leading a travel experience revolution. The result of the Dufry-Autogrill business combination, Avolta puts the traveler at our strategic core as we maximize every moment of the journey through our unique combination of travel retail and travel food & beverage, passion fo
At BJ's, we’re focused on delivering unbeatable value and outstanding service to our members, and our culture is instrumental in fulfilling this mission. Our values reflect what is unique about BJ’s culture and are key factors in our past and future success. Explore career opportunities at BJ's and
The Carrefour Group: one of the world’s leading retailers In 50 years, the Carrefour Group has become a world leader in the retail sector. The second largest retailer in the world and the largest in Europe, the Group now features four major grocery retail formats: hypermarkets, supermarkets, cash
At M&S, we're dedicated to being the most trusted retailer, prioritising quality and delivering value. Every day, we bring the magic of M&S to our customers, whenever, wherever and however they want to shop with us. For over a century, we've set the standard, doing the right thing and embracing inno
Dollarama
Dollarama was founded by third-generation retailer and Canadian entrepreneur, Larry Rossy. It all started with one store, in Matane, Quebec, in 1992, and quickly grew over the next two decades to become a household name and shopping destination for Canadians from coast to coast. Dollarama today is
.png)
AS Watson CyberSecurity News
November 10, 2025 08:00 AM
Cybersecurity breach at Congressional Budget Office remains a live threat - Live Updates
Library of Congress employees were informed to take caution when emailing the office of the congressional scorekeeper.
October 20, 2025 07:00 AM
California Finalizes Groundbreaking Regulations on AI, Risk Assessments, and Cybersecurity, Part III: Risk Assessments
On September 23, 2025, the California Office of Administrative Law (OAL) approved regulations under the California Consumer Privacy Act...
September 09, 2025 07:00 AM
Podcast: KVH on connectivity, cybersecurity, and crew wellbeing
Marine Log's Listen Up! podcast is back with a new episode featuring Chris Watson, vice president of marketing and communications at KVH...
August 22, 2025 07:00 AM
EY on CISOs' Role in Strategic Value Creation
Research from EY reveals CISOs contribute up to 20% of strategic project value but remain excluded from early decision-making processes.
August 07, 2025 07:00 AM
California Finalizes Groundbreaking Regulations on AI, Risk Assessments, and Cybersecurity, Part II: What Businesses Need to Know
In July 2025, the California Privacy Protection Agency (CPPA) Board unanimously approved new regulations pursuant to the California Consumer...
June 25, 2025 07:00 AM
Agentic AI Helps Organizations Scale Cybersecurity Faster: EY Study
In an era of tightening budgets and expanding threats, cybersecurity leaders are turning to agentic AI as their secret weapon.
June 02, 2025 07:00 AM
EY Study: How Cybersecurity Adds $36m Value per Initiative
Research from EY reveals CISOs contribute up to 20% of strategic project value but remain excluded from early decision-making processes.
May 26, 2025 07:00 AM
State of Healthcare Cybersecurity: 50 Facts
45% of healthcare cybersecurity professionals stated that a phishing attack was responsible for the most severe data breach experienced by their organization.
April 22, 2025 07:00 AM
Arkansas state government bolstering cybersecurity as federal partners defunded
Arkansas' state government is bolstering its cybersecurity capabilities as cuts to the U.S. Cybersecurity and Infrastructure Security Agency...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
AS Watson CyberSecurity History Information
Official Website of AS Watson
The official website of AS Watson is https://www.aswatsoncareers.com/.
AS Watson’s AI-Generated Cybersecurity Score
According to Rankiteo, AS Watson’s AI-generated cybersecurity score is 791, reflecting their Fair security posture.
How many security badges does AS Watson’ have ?
According to Rankiteo, AS Watson currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does AS Watson have SOC 2 Type 1 certification ?
According to Rankiteo, AS Watson is not certified under SOC 2 Type 1.
Does AS Watson have SOC 2 Type 2 certification ?
According to Rankiteo, AS Watson does not hold a SOC 2 Type 2 certification.
Does AS Watson comply with GDPR ?
According to Rankiteo, AS Watson is not listed as GDPR compliant.
Does AS Watson have PCI DSS certification ?
According to Rankiteo, AS Watson does not currently maintain PCI DSS compliance.
Does AS Watson comply with HIPAA ?
According to Rankiteo, AS Watson is not compliant with HIPAA regulations.
Does AS Watson have ISO 27001 certification ?
According to Rankiteo,AS Watson is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of AS Watson
AS Watson operates primarily in the Retail industry.
Number of Employees at AS Watson
AS Watson employs approximately 16,357 people worldwide.
Subsidiaries Owned by AS Watson
AS Watson presently has no subsidiaries across any sectors.
AS Watson’s LinkedIn Followers
AS Watson’s official LinkedIn profile has approximately 96,946 followers.
NAICS Classification of AS Watson
AS Watson is classified under the NAICS code 43, which corresponds to Retail Trade.
AS Watson’s Presence on Crunchbase
No, AS Watson does not have a profile on Crunchbase.
AS Watson’s Presence on LinkedIn
Yes, AS Watson maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/aswatson.
Cybersecurity Incidents Involving AS Watson
As of November 27, 2025, Rankiteo reports that AS Watson has experienced 1 cybersecurity incidents.
Number of Peer and Competitor Companies
AS Watson has an estimated 15,252 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at AS Watson ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
Incident Details
Can you provide details on each incident ?
Title: Superdrug Data Breach
Description: Superdrug experienced a data breach affecting 20,000 individuals. They were contacted by hackers who claimed to have a number of our customer’s online shopping information. There is no evidence that Superdrug systems have been compromised. The criminals had got customers’ email addresses and passwords from other websites. They then used those credentials to access accounts on Superdrug's website. The types of personal information stolen were Names, Addresses, Dates of birth, Phone numbers, Point balances, Password advice.
Type: Data Breach
Attack Vector: Credential Stuffing
Vulnerability Exploited: Reused credentials
Threat Actor: Unknown
Motivation: Data Theft
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach SUP23281122
Data Compromised: Names, Addresses, Dates of birth, Phone numbers, Point balances, Password advice
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Names, Addresses, Dates Of Birth, Phone Numbers, Point Balances, Password Advice and .
Which entities were affected by each incident ?
Incident : Data Breach SUP23281122
Entity Name: Superdrug
Entity Type: Company
Industry: Retail
Customers Affected: 20000
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach SUP23281122
Type of Data Compromised: Names, Addresses, Dates of birth, Phone numbers, Point balances, Password advice
Number of Records Exposed: 20000
Sensitivity of Data: Medium
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident was an Unknown.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Names, Addresses, Dates of birth, Phone numbers, Point balances, Password advice and .
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Names, Point balances, Addresses, Dates of birth, Password advice and Phone numbers.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 200.0.
.png)
Latest Global CVEs (Not Company-Specific)
Description
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.
Risk Information
cvss4
Base: 7.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
- https://github.com/angular/angular/commit/0276479e7d0e280e0f8d26fa567d3b7aa97a516f
- https://github.com/angular/angular/commit/05fe6686a97fa0bcd3cf157805b3612033f975bc
- https://github.com/angular/angular/commit/3240d856d942727372a705252f7c8c115394a41e
- https://github.com/angular/angular/releases/tag/19.2.16
- https://github.com/angular/angular/releases/tag/20.3.14
- https://github.com/angular/angular/releases/tag/21.0.1
- https://github.com/angular/angular/security/advisories/GHSA-58c5-g7wp-6w37
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 6.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=aswatson' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
