Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
Bombas

Bombas Vendor Cyber Rating & Cyber Score

bombas.com

Bombas is a comfort focused apparel brand with a mission to help those in need. The organization launched in 2013, after the founders learned that socks are the #1 most requested clothing item at homeless shelters. From there, they set out to solve that problem, donating a pair of socks for every pair they sell. How do you donate a lot of socks? You sell a lot. And how do you sell a lot? You make the most comfortable socks in the history of feet. Millions of pairs sold and donated later, Bombas is continuing to innovate with new socks and apparel while creating a positive impact on the community where we all work and live.


Bombas A.I CyberSecurity Scoring

Bombas
Company Information
Website:http://www.bombas.com
Employees number:292
Number of followers:39,809
NAICS:448
Industry Type:Retail Apparel and Fashion
Homepage:bombas.com
Bombas Risk Score (AI oriented)
Between 700 and 749
logo
BombasRetail Apparel and Fashion
Updated:
02/04/2026
731/1000
Moderate
Ba
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
Bombas Global Score (TPRM)
xxxx
logo
BombasRetail Apparel and Fashion
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

Bombas
BombasModerate
Current Score
731Ba (MODERATE)
01000
4 incidents
0 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
733Before Incident
JUNE 2026
733Before Incident
MAY 2026
732Before Incident
APRIL 2026
732Before Incident
MARCH 2026
732Before Incident
FEBRUARY 2026
731Before Incident
JANUARY 2026
731Before Incident
DECEMBER 2025
730Before Incident
NOVEMBER 2025
729Before Incident
OCTOBER 2025
729Before Incident
SEPTEMBER 2025
728Before Incident
AUGUST 2025
728Before Incident
MAY 2018
659Before Incident
Malware
01 May 2018Bombas
Bombas

Malware Infection on E-commerce Platform

598After Incident
MEDIUM-61
BOM17491822
Malware in the code of the e-commerce platform was identified and initially removed from their website. They cannot determine which transactions were impacted. They have been sending this notice to all of the approximately 41,000 customers who made a credit card purchase on our website during the period the malware may have existed until the day the identified malware was finally removed.
INCIDENT DETAILS -
TYPE
Malware
IMPACT
Credit Card InformationE-commerce PlatformPayment Information Risk: High
DATA BREACH
Credit Card InformationSensitivity Of Data: High
NOVEMBER 2016
681Before Incident
Breach
11 Nov 2016Bombas
Bombas LLC

Bombas LLC Data Breach

620After Incident
CRITICAL-61
BOM623072725
The California Office of the Attorney General reported a data breach involving Bombas LLC on June 3, 2020. The breach occurred between November 11, 2016, and February 16, 2017, potentially exposing customers' names, addresses, and payment card data. The specific number of individuals affected is unknown.
INCIDENT DETAILS -
TYPE
Data Breach
IMPACT
namesaddressespayment card data
DATA BREACH
namesaddressespayment card data
SEPTEMBER 2014
692Before Incident
Breach
01 Sep 2014Bombas
Bombas LLC

Bombas LLC Data Breach (2014-2015)

631After Incident
CRITICAL-61
BOM726082025
The California Office of the Attorney General disclosed a data breach affecting Bombas LLC, a direct-to-consumer apparel company. The incident occurred between September 27, 2014, and February 25, 2015, but was only reported on August 31, 2018. The breach exposed personal customer data, including names, addresses, and credit card information, though the exact number of affected individuals remains undisclosed (labeled as 'UNKN' in reports).The compromised data suggests a financial and reputational risk, as payment details were accessed, potentially enabling fraudulent transactions or identity theft. While the breach did not involve ransomware or a full-scale system takeover, the prolonged exposure period (nearly five months) raises concerns about the company’s cybersecurity posture at the time. Customers were notified years after the initial compromise, further amplifying reputational damage due to delayed transparency.The incident aligns with patterns seen in e-commerce data breaches, where third-party vulnerabilities or insufficient safeguards lead to unauthorized access. No evidence suggests the attack escalated to operational disruptions or broader systemic threats, but the leak of payment data remains a critical failure in protecting customer trust.
INCIDENT DETAILS -
TYPE
Data Breach
IMPACT
namesaddressescredit card informationIdentity Theft Risk: PotentialPayment Information Risk: High
DATA BREACH
personal informationpayment informationNumber Of Records Exposed: UNKNSensitivity Of Data: Highnamesaddresses
SEPTEMBER 2013
765Before Incident
Breach
01 Sep 2013Bombas
Bombas, LLC

Bombas, LLC Data Breach (2018)

675After Incident
CRITICAL-90
BOM724082025
On May 18, 2018, Bombas, LLC suffered a data breach stemming from malware infiltrating its e-commerce platform. The incident exposed the personal and financial information of approximately 41,000 customers who conducted transactions between September 1, 2013, and February 9, 2015. Compromised data included names, addresses, and credit card details, all accessed without authorization. The breach was disclosed by the California Office of the Attorney General, highlighting vulnerabilities in the company’s payment processing system. While the exact duration of the malware’s presence remains undisclosed, the exposure period spanned over 17 months, raising concerns about prolonged undetected access. The breach did not involve ransomware demands or broader systemic disruptions but focused specifically on customer payment data, posing risks of fraud and identity theft. Bombas cooperated with authorities post-discovery, though the long-term repercussions for affected individuals—such as potential financial fraud or reputational harm to the brand—remain unresolved.
INCIDENT DETAILS -
TYPE
Data Breach
IMPACT
namesaddressescredit card detailse-commerce platformIdentity Theft Risk: High (credit card details exposed)Payment Information Risk: High (credit card details exposed)
DATA BREACH
personal informationpayment informationNumber Of Records Exposed: 41,000Sensitivity Of Data: HighData Exfiltration: YesPersonally Identifiable Information: Yes (names, addresses)

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for Bombas ?
?
What was Bombas's A.I Rankiteo Cyber Score in June 2026 ?
?
What was Bombas's A.I Rankiteo Cyber Score in May 2026 ?
?
What was Bombas's A.I Rankiteo Cyber Score in April 2026 ?
?
What was Bombas's A.I Rankiteo Cyber Score in March 2026 ?
?
What was Bombas's A.I Rankiteo Cyber Score in February 2026 ?
?
What was Bombas's A.I Rankiteo Cyber Score in January 2026 ?
?
What was Bombas's A.I Rankiteo Cyber Score in December 2025 ?
?
What was Bombas's A.I Rankiteo Cyber Score in November 2025 ?
?
What was Bombas's A.I Rankiteo Cyber Score in October 2025 ?
?
What was Bombas's A.I Rankiteo Cyber Score in September 2025 ?
?
What was Bombas's A.I Rankiteo Cyber Score in August 2025 ?
?
What is the average per-incident point impact on Bombas's A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with Bombas ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view Bombas's profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?
Bombas Cyber Scoring History | Rankiteo