BNP Paribas CIB Company CyberSecurity Posture
cib.bnpparibas
In a changing world, we aim at anticipating transformation and driving your company for success. We are convinced to have the expertise and networks you need to develop your business. BNP Paribas Corporate and Institutional Banking is a leading global financial partner, offering you a wide range of tailored solutions in Capital Markets, Securities Services, Financing, Treasury and Advisory Services. If you want to know more about us, visit www.cib.bnpparibas.com
Company Details
bnpparibascorporateandinstitutionalbanking
15,383
366,868
52
cib.bnpparibas
0
BNP_1279706
In-progress
BPC Risk Score (AI oriented)Between 750 and 799
BPC Global Score (TPRM)XXXX
Description: The California Office of the Attorney General disclosed a data breach at Bank of the West on June 23, 2022, stemming from an ATM skimming incident detected between November 10, 2021, and April 18, 2022. The breach involved unauthorized access to card numbers, PINs, and personal information of customers using compromised ATMs. While the exact number of affected individuals remains undisclosed, the incident exposed sensitive financial and personal data, posing risks of fraudulent transactions, identity theft, and unauthorized account access.The breach was likely executed through physical tampering of ATMs a common tactic where criminals install skimming devices to capture card details and PINs. Although no explicit mention of large-scale financial losses or systemic disruptions was reported, the exposure of payment card data and personal identifiers suggests a direct threat to customers' financial security and privacy. The prolonged detection window (over five months) further exacerbates the potential for misuse of the stolen data before mitigation measures were implemented.This incident underscores vulnerabilities in physical and digital payment infrastructure, highlighting the need for enhanced monitoring, customer notifications, and fraud prevention protocols to mitigate post-breach risks.
Description: The California Office of the Attorney General reported a data breach involving Bank of the West on April 5, 2019. The breach occurred due to the installation of an ATM skimming device at the Campbell Branch ATM between December 3, 2018, and December 22, 2018, potentially compromising debit card information such as card numbers and PINs for an unspecified number of individuals.
Description: Bank of Montreal have been targeted by hackers. The personal information of tens of thousands of customers may have been stolen. Hackers were demanding a $1-million ransom from the banks. Bank of Montreal had stolen data on up to 50,000 of the bank's customers. The tipsters were the hackers themselves.
Description: On August 20, 2018, the California Office of the Attorney General reported a data breach involving Bank of the West that occurred on March 2, 2018. Unauthorized third parties accessed employee email accounts at a contracted service provider, potentially affecting personal information including business names and Social Security numbers linked to businesses. The number of affected individuals is unknown.
Description: The California Office of the Attorney General reported that Bank of the West experienced a data breach involving ATM skimming devices discovered on April 9, 2017. The breach potentially exposed debit card numbers and PINs as a result of fraudulent activities affecting customers in Southern California. It is estimated that the unauthorized devices were in place from February 1, 2017, to April 9, 2017.
Description: The California Office of the Attorney General reported a data breach involving Bank of the West on July 16, 2014. The breach was related to an email scam that compromised the login credentials of two employees, potentially exposing customer names and Social Security Numbers, though no evidence of actual viewing or theft was confirmed.
Description: The California Office of the Attorney General reported a data breach involving Bank of the West on February 5, 2014. The breach, discovered on December 19, 2013, involved unauthorized access to a retired internet application for job listings and applications, potentially exposing user names, passwords, and personal information such as names, addresses, social security numbers, and driver's license numbers. The number of affected individuals is currently unknown.
No incidents recorded for BNP Paribas CIB in 2026.
No incidents recorded for BNP Paribas CIB in 2026.
No incidents recorded for BNP Paribas CIB in 2026.
BPC cyber incidents detection timeline including parent company and subsidiaries
In a changing world, we aim at anticipating transformation and driving your company for success. We are convinced to have the expertise and networks you need to develop your business. BNP Paribas Corporate and Institutional Banking is a leading global financial partner, offering you a wide range of tailored solutions in Capital Markets, Securities Services, Financing, Treasury and Advisory Services. If you want to know more about us, visit www.cib.bnpparibas.com
Angel One Limited is a Fintech company providing broking services, margin trading facility, research services, depository services, investment education and distribution of third-party financial products to its clients, on a mission to become the No. 1 fintech organization in India. With about 32 mi
Founded in April 2007, Bajaj Finserv is the financial arm of the Bajaj group. We believe in a simple philosophy to never settle for good and go for great. This reflects in our extensive product portfolio that spans across 3 broad categories- lending, insurance and wealth advisory. With 24 products s
Discover® is now part of Capital One. Together, we’ll continue to deliver exceptional financial products and experiences, drive innovation, and serve customers. Find the latest updates at https://capitalonediscover.com. Discover is one of the most recognized brands in the U.S. with the Discover® ca
Navy Federal is the world’s largest credit union, with more than 15 million members, $190 billion+ in assets and 25,000+ employees. Throughout campuses in Vienna, VA Pensacola, FL and Winchester, VA, as well as 370 branches, we serve the Armed Forces, Department of Defense, Veterans and their famili
ICE (NYSE: ICE) connects people to data, technology and expertise that create opportunity and inspire innovation. For terms of use, visit www.ice.co
We’re a bank, but there’s more to it than that. When you join BMO, it opens a world of opportunities. This is a team that's committed to helping you succeed – personally and professionally. Because at BMO, when you grow, we grow. You know your worth and so do we. That’s why we offer the righ
Ally Financial Inc. (NYSE: ALLY) is a leading digital financial services company and a top 25 U.S. financial holding company offering financial products for consumers, businesses, automotive dealers and corporate clients. NMLS #3015 | #181005 | https://www.nmlsconsumeraccess.org/ Ally's legacy da
Founded in 2006, CreditEase is a Beijing-based world-leading FinTech conglomerate in China. It specializes in inclusive finance and wealth management with a dominant position in credit technology, wealth management technology, insurance technology, etc. Main business sectors of CreditEase include Yi
Prudential Financial (NYSE:PRU) was founded on the belief that financial security should be within reach for everyone, and for over 140 years, we have helped our customers reach their potential and tackle life's challenges for now and future generations to come. Today, we are one of the world’s larg
.png)
Hong Kong broadband service provider HKBN Ltd. is marketing its first sustainability-linked syndicated loan of as much as HK$6.75 billion...
Swift enhances fraud detection in cross-border payments with AI-powered Payment Controls Service, boosting security and reducing financial...
11/06/2024 - Discover our news on VIVA Technology 2024: 8 tech takeaways - The bank for a changing world - BNP Paribas.
AI is a powerful tool for detecting and preventing major risks for the Bank and our clients: fraud, money laundering and, in particular, cyber-attacks.
The structure of the local securities services market is gradually reaching what we believe is a sustainable position for the $3.5 trillion Australian custody...
The battle to win corporate treasurers' trust is underway, explains Jacques Levet – Head of Transaction Banking EMEA at BNP Paribas CIB...
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
The official website of BNP Paribas CIB is https://cib.bnpparibas/.
According to Rankiteo, BNP Paribas CIB’s AI-generated cybersecurity score is 786, reflecting their Fair security posture.
According to Rankiteo, BNP Paribas CIB currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
According to Rankiteo, BNP Paribas CIB has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.
According to Rankiteo, BNP Paribas CIB is not certified under SOC 2 Type 1.
According to Rankiteo, BNP Paribas CIB does not hold a SOC 2 Type 2 certification.
According to Rankiteo, BNP Paribas CIB is not listed as GDPR compliant.
According to Rankiteo, BNP Paribas CIB does not currently maintain PCI DSS compliance.
According to Rankiteo, BNP Paribas CIB is not compliant with HIPAA regulations.
According to Rankiteo,BNP Paribas CIB is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
BNP Paribas CIB operates primarily in the Financial Services industry.
BNP Paribas CIB employs approximately 15,383 people worldwide.
BNP Paribas CIB presently has no subsidiaries across any sectors.
BNP Paribas CIB’s official LinkedIn profile has approximately 366,868 followers.
BNP Paribas CIB is classified under the NAICS code 52, which corresponds to Finance and Insurance.
No, BNP Paribas CIB does not have a profile on Crunchbase.
Yes, BNP Paribas CIB maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/bnpparibascorporateandinstitutionalbanking.
As of January 21, 2026, Rankiteo reports that BNP Paribas CIB has experienced 7 cybersecurity incidents.
BNP Paribas CIB has an estimated 30,814 peer or competitor companies worldwide.
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
Detection and Response: The company detects and responds to cybersecurity incidents through an communication strategy with public disclosure via california office of the attorney general..
Title: Bank of Montreal Data Breach
Description: Hackers targeted Bank of Montreal, potentially stealing the personal information of tens of thousands of customers. The hackers demanded a $1-million ransom from the bank.
Type: Data Breach, Ransomware
Threat Actor: Hackers
Motivation: Financial Gain
Title: Bank of the West Data Breach
Description: Unauthorized access to a retired internet application for job listings and applications, potentially exposing user names, passwords, and personal information such as names, addresses, social security numbers, and driver's license numbers.
Date Detected: 2013-12-19
Date Publicly Disclosed: 2014-02-05
Type: Data Breach
Attack Vector: Unauthorized Access
Vulnerability Exploited: Retired Internet Application
Title: Bank of the West ATM Skimming Data Breach
Description: The California Office of the Attorney General reported that Bank of the West experienced a data breach involving ATM skimming devices discovered on April 9, 2017. The breach potentially exposed debit card numbers and PINs as a result of fraudulent activities affecting customers in Southern California. It is estimated that the unauthorized devices were in place from February 1, 2017, to April 9, 2017.
Date Detected: 2017-04-09
Type: Data Breach
Attack Vector: ATM Skimming
Vulnerability Exploited: Physical Security
Motivation: Financial Gain
Title: Bank of the West Data Breach
Description: The California Office of the Attorney General reported a data breach involving Bank of the West on July 16, 2014. The breach was related to an email scam that compromised the login credentials of two employees, potentially exposing customer names and Social Security Numbers, though no evidence of actual viewing or theft was confirmed.
Date Detected: 2014-07-16
Date Publicly Disclosed: 2014-07-16
Type: Data Breach
Attack Vector: Email Scam
Vulnerability Exploited: Compromised Login Credentials
Title: Bank of the West Data Breach
Description: Unauthorized third parties accessed employee email accounts at a contracted service provider, potentially affecting personal information including business names and Social Security numbers linked to businesses.
Date Detected: 2018-03-02
Date Publicly Disclosed: 2018-08-20
Type: Data Breach
Attack Vector: Email Account Compromise
Threat Actor: Unauthorized third parties
Title: Bank of the West ATM Skimming Incident
Description: The California Office of the Attorney General reported a data breach involving Bank of the West on April 5, 2019. The breach occurred due to the installation of an ATM skimming device at the Campbell Branch ATM between December 3, 2018, and December 22, 2018, potentially compromising debit card information such as card numbers and PINs for an unspecified number of individuals.
Date Detected: 2019-04-05
Date Publicly Disclosed: 2019-04-05
Type: Data Breach
Attack Vector: ATM Skimming
Vulnerability Exploited: Physical Security
Motivation: Financial Gain
Title: Bank of the West ATM Skimming Incident
Description: The California Office of the Attorney General reported a data breach involving Bank of the West on June 23, 2022. The breach involved an ATM skimming incident discovered between November 10, 2021, and April 18, 2022, potentially compromising card numbers, PINs, and personal information of affected individuals, but the total number of individuals affected is unknown.
Date Detected: 2022-04-18
Date Publicly Disclosed: 2022-06-23
Type: Data Breach (ATM Skimming)
Attack Vector: Physical ATM Skimming Device
Motivation: Financial Gain (Likely)
Common Attack Types: The most common types of attacks the company has faced is Breach.
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through ATM Machines, Email Scam, Email Account Compromise, ATM Skimming Device and Physical ATM Tampering.
Data Compromised: Personal Information
Data Compromised: User names, Passwords, Names, Addresses, Social security numbers, Driver's license numbers
Systems Affected: Retired Internet Application for Job Listings and Applications
Data Compromised: Debit card numbers, Pins
Systems Affected: ATM Machines
Payment Information Risk: High
Data Compromised: Customer names, Social security numbers
Data Compromised: Business names, Social security numbers
Data Compromised: Debit card numbers, Pins
Systems Affected: ATM
Payment Information Risk: High
Data Compromised: Card numbers, Pins, Personal information
Systems Affected: ATMs
Brand Reputation Impact: Potential Negative Impact (Undisclosed)
Identity Theft Risk: High (Potential)
Payment Information Risk: High (Card Numbers and PINs Compromised)
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personal Information, User Names, Passwords, Names, Addresses, Social Security Numbers, Driver'S License Numbers, , Debit Card Numbers, Pins, , Customer Names, Social Security Numbers, , Business Names, Social Security Numbers, , Debit Card Numbers, Pins, , Card Numbers, Pins, Personal Information and .
Entity Name: Bank of Montreal
Entity Type: Bank
Industry: Financial Services
Customers Affected: Up to 50,000
Entity Name: Bank of the West
Entity Type: Financial Institution
Industry: Banking
Entity Name: Bank of the West
Entity Type: Financial Institution
Industry: Banking
Location: Southern California
Entity Name: Bank of the West
Entity Type: Financial Institution
Industry: Banking
Location: California
Entity Name: Bank of the West
Entity Type: Financial Institution
Industry: Banking
Entity Name: Bank of the West
Entity Type: Financial Institution
Industry: Banking
Location: Campbell Branch
Entity Name: Bank of the West
Entity Type: Financial Institution
Industry: Banking
Location: California, USA
Customers Affected: Unknown
Communication Strategy: Public Disclosure via California Office of the Attorney General
Type of Data Compromised: Personal Information
Number of Records Exposed: Up to 50,000
Type of Data Compromised: User names, Passwords, Names, Addresses, Social security numbers, Driver's license numbers
Sensitivity of Data: High
Personally Identifiable Information: NamesAddressesSocial Security NumbersDriver's License Numbers
Type of Data Compromised: Debit card numbers, Pins
Sensitivity of Data: High
Type of Data Compromised: Customer names, Social security numbers
Sensitivity of Data: High
Type of Data Compromised: Business names, Social security numbers
Sensitivity of Data: High
Type of Data Compromised: Debit card numbers, Pins
Sensitivity of Data: High
Type of Data Compromised: Card numbers, Pins, Personal information
Number of Records Exposed: Unknown
Sensitivity of Data: High
Data Exfiltration: Likely (via Skimming Device)
Personally Identifiable Information: Yes
Ransom Demanded: $1-million
Regulatory Notifications: California Office of the Attorney General
Source: California Office of the Attorney General
Date Accessed: 2014-02-05
Source: California Office of the Attorney General
Source: California Office of the Attorney General
Date Accessed: 2014-07-16
Source: California Office of the Attorney General
Date Accessed: 2018-08-20
Source: California Office of the Attorney General
Date Accessed: 2019-04-05
Source: California Office of the Attorney General
Date Accessed: 2022-06-23
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: California Office of the Attorney GeneralDate Accessed: 2014-02-05, and Source: California Office of the Attorney General, and Source: California Office of the Attorney GeneralDate Accessed: 2014-07-16, and Source: California Office of the Attorney GeneralDate Accessed: 2018-08-20, and Source: California Office of the Attorney GeneralDate Accessed: 2019-04-05, and Source: California Office of the Attorney GeneralDate Accessed: 2022-06-23.
Investigation Status: Disclosed; Details Limited
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Public Disclosure via California Office of the Attorney General.
Entry Point: ATM Machines
Entry Point: Email Scam
Entry Point: Email Account Compromise
Entry Point: ATM Skimming Device
Entry Point: Physical ATM Tampering
High Value Targets: Customer Payment Data
Data Sold on Dark Web: Customer Payment Data
Root Causes: Compromised Login Credentials
Root Causes: Installation of ATM skimming device
Root Causes: Likely Physical Security Lapse at ATMs
Last Ransom Demanded: The amount of the last ransom demanded was $1-million.
Last Attacking Group: The attacking group in the last incident were an Hackers and Unauthorized third parties.
Most Recent Incident Detected: The most recent incident detected was on 2013-12-19.
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2022-06-23.
Most Significant Data Compromised: The most significant data compromised in an incident were Personal Information, User names, Passwords, Names, Addresses, Social Security Numbers, Driver's License Numbers, , Debit Card Numbers, PINs, , Customer Names, Social Security Numbers, , Business names, Social Security numbers, , Debit card numbers, PINs, , Card Numbers, PINs, Personal Information and .
Most Significant System Affected: The most significant system affected in an incident was Retired Internet Application for Job Listings and Applications and ATM Machines and ATM and ATMs.
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Names, Addresses, Personal Information, Social Security Numbers, Debit Card Numbers, Passwords, Social Security numbers, Business names, User names, Driver's License Numbers, Debit card numbers, PINs, Card Numbers and Customer Names.
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 50.0K.
Highest Ransom Demanded: The highest ransom demanded in a ransomware incident was $1-million.
Most Recent Source: The most recent source of information about an incident is California Office of the Attorney General.
Current Status of Most Recent Investigation: The current status of the most recent investigation is Disclosed; Details Limited.
Most Recent Entry Point: The most recent entry point used by an initial access broker were an ATM Skimming Device, ATM Machines, Email Account Compromise, Physical ATM Tampering and Email Scam.
Most Significant Root Cause: The most significant root cause identified in post-incident analysis was Compromised Login Credentials, Installation of ATM skimming device, Likely Physical Security Lapse at ATMs.
.png)
SummaryA command injection vulnerability (CWE-78) has been found to exist in the `wrangler pages deploy` command. The issue occurs because the `--commit-hash` parameter is passed directly to a shell command without proper validation or sanitization, allowing an attacker with control of `--commit-hash` to execute arbitrary commands on the system running Wrangler. Root causeThe commitHash variable, derived from user input via the --commit-hash CLI argument, is interpolated directly into a shell command using template literals (e.g., execSync(`git show -s --format=%B ${commitHash}`)). Shell metacharacters are interpreted by the shell, enabling command execution. ImpactThis vulnerability is generally hard to exploit, as it requires --commit-hash to be attacker controlled. The vulnerability primarily affects CI/CD environments where `wrangler pages deploy` is used in automated pipelines and the --commit-hash parameter is populated from external, potentially untrusted sources. An attacker could exploit this to: * Run any shell command. * Exfiltrate environment variables. * Compromise the CI runner to install backdoors or modify build artifacts. Credits Disclosed responsibly by kny4hacker. Mitigation * Wrangler v4 users are requested to upgrade to Wrangler v4.59.1 or higher. * Wrangler v3 users are requested to upgrade to Wrangler v3.114.17 or higher. * Users on Wrangler v2 (EOL) should upgrade to a supported major version.
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L).
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
Get company history
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rapid