BMS
Company Details
Linkedin ID:
bristol-myers-squibb
Website:
Employees number:
38,467
Number of followers:
1,665,425
NAICS:
3254
Industry Type:
Homepage:
bms.com
IP Addresses:
0
Company ID:
BRI_4781074
Scan Status:
In-progress
Bristol Myers Squibb Company CyberSecurity Posture
bms.com
At Bristol Myers Squibb, we work every day to transform patients’ lives through science. That work inspires some of the most interesting, meaningful, and life-changing careers you’ll experience. Join us and pursue innovative ideas alongside some of the brightest minds in biopharma, collaborating with a team rich in diversity of experiences, and perspectives. We have built a sustainable pipeline of potential therapies and are leveraging translational medicine and data analytics to understand how we can deliver the right medicine to the right patient, at the right time, to achieve the best outcome. Whether in a scientific, business or supporting function, a career at BMS means you’ll be inspired every day to grow and thrive through opportunities that are uncommon in scale and scope. Here, you’ll be on the cutting edge of powerful innovation in oncology, hematology, immunology, cardiovascular disease, and fibrosis, with colleagues united in the mission to help patients. Through the Bristol Myers Squibb Foundation, we also promote health equity and seek to improve health outcomes of populations disproportionately affected by serious diseases and conditions. Our mission is to give new hope to help patients prevail over serious disease – it drives everything we do. Review our Social Media Community Guidelines at: https://www.bms.com/social-media-community-guidelines.html
Bristol Myers Squibb A.I CyberSecurity Scoring
BMS Risk Score (AI oriented)Between 800 and 849
BMS
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
BMS Global Score (TPRM)XXXX
BMS
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
BMS Company CyberSecurity News & History
Past Incidents
1
Attack Types
1
Bristol Myers Squibb
Cyber Attack
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: The Washington State Office of the Attorney General reported a data breach involving Bristol Myers Squibb (BMS) on June 30, 2023. The breach, discovered on May 31, 2023, involved a cyberattack (malware) that affected 2,231 Washington residents, compromising their names, Social Security numbers, and full dates of birth, among other information.
BMS Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for BMS
Incidents vs Pharmaceutical Manufacturing Industry Average (This Year)
No incidents recorded for Bristol Myers Squibb in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Bristol Myers Squibb in 2025.
Incident Types BMS vs Pharmaceutical Manufacturing Industry Avg (This Year)
No incidents recorded for Bristol Myers Squibb in 2025.
Incident History — BMS (X = Date, Y = Severity)
BMS cyber incidents detection timeline including parent company and subsidiaries
BMS Company Subsidiaries
At Bristol Myers Squibb, we work every day to transform patients’ lives through science. That work inspires some of the most interesting, meaningful, and life-changing careers you’ll experience. Join us and pursue innovative ideas alongside some of the brightest minds in biopharma, collaborating with a team rich in diversity of experiences, and perspectives. We have built a sustainable pipeline of potential therapies and are leveraging translational medicine and data analytics to understand how we can deliver the right medicine to the right patient, at the right time, to achieve the best outcome. Whether in a scientific, business or supporting function, a career at BMS means you’ll be inspired every day to grow and thrive through opportunities that are uncommon in scale and scope. Here, you’ll be on the cutting edge of powerful innovation in oncology, hematology, immunology, cardiovascular disease, and fibrosis, with colleagues united in the mission to help patients. Through the Bristol Myers Squibb Foundation, we also promote health equity and seek to improve health outcomes of populations disproportionately affected by serious diseases and conditions. Our mission is to give new hope to help patients prevail over serious disease – it drives everything we do. Review our Social Media Community Guidelines at: https://www.bms.com/social-media-community-guidelines.html
Loading...
BMS Similar Companies
For almost 50 years, we’ve been creating high-quality medicines and making them accessible to the people who need them. We are a trusted, reliable partner and dependable source of over 800* high-quality generic, specialty and branded pharmaceutical products that hospitals, physicians and pharmacists
Ipca Laboratories Limited
A consumer-led global pharmaceutical company, creating healthy doses of life since 1949. When you operate in an industry like pharmaceuticals, your work goes way beyond creating ‘products for customers’. It is different from any other domain – there lies a higher sense of responsibiliti and a need
Takeda
We strive to transform lives. While the science we advance is constantly evolving, our core purpose is enduring. For more than two centuries, our values have guided us to do what’s right for patients and for society. We know that changing lives requires us to do things differently. We start by list
Zydus Group
The Zydus Group with an overarching purpose of empowering people with freedom to live healthier and more fulfilled lives, is an innovative, global life-sciences company that discovers, develops, manufactures, and markets a broad range of healthcare therapies. The group employs over 27000 people worl
Johnson & Johnson Innovative Medicine
At Johnson & Johnson Innovative Medicine, we innovate with purpose, to lead where medicine is going. The experiences of patients around the world inform and inspire our science-based innovations, which continue to change and save lives. Applying rigorous science with compassion, we confidently addre
Lupin
Lupin Limited is a global pharmaceutical leader headquartered in Mumbai, India, with products distributed in over 100 markets. Lupin specializes in pharmaceutical products, including branded and generic formulations, complex generics, biotechnology products, and active pharmaceutical ingredients. Tr
MACLEODS PHARMACEUTICALS LTD.
A vertically integrated, Global Pharmaceutical Company. Established in 1989, we are engaged in developing, manufacturing, and marketing a wide range of formulations across several major therapeutic areas including anti-infectives, cardiovascular, anti-diabetic, dermatology, and hormone treatment.
Viatris
Viatris Inc. (NASDAQ: VTRS) is a global healthcare company uniquely positioned to bridge the traditional divide between generics and brands, combining the best of both to more holistically address healthcare needs globally. With a mission to empower people worldwide to live healthier at every stage
Sandoz
Sandoz is the global leader in generic and biosimilar medicines. Our Purpose is to pioneer access to medicines for patients globally. We are on a mission to drive innovation in the healthcare industry by freeing up resources sustainably and responsibly while continuing to address global health c
.png)
BMS CyberSecurity News
December 10, 2025 09:16 PM
Bristol Myers Squibb Announces Dividend Increase
PRINCETON, N.J., December 10, 2025--(BUSINESS WIRE)--Bristol Myers Squibb (NYSE: BMY) today announced that its Board of Directors has...
December 03, 2025 08:00 AM
Bristol Myers Squibb Company (BMY) Is a Trending Stock: Facts to Know Before Betting on It
Bristol Myers Squibb (BMY) has been one of the most searched-for stocks on Zacks.com lately. So, you might want to look at some of the facts...
December 01, 2025 08:00 AM
Bristol Myers must face $6.7 billion lawsuit over delayed cancer drug, US judge rules
judge on Monday rejected Bristol Myers Squibb's bid to dismiss a $6.7 billion lawsuit claiming it cheated shareholders of the former...
November 24, 2025 08:00 AM
PacBio, Bristol-Myers Squibb, Oscar Health, Centene, and Molina Healthcare Shares Are Soaring, What You Need To Know
A number of stocks jumped in the afternoon session after a Politico report revealed that the White House plans to pitch a two-year extension...
November 12, 2025 08:00 AM
Privacy notice center
BMS aims to collect, use, and share information that we obtain about you in a manner consistent with our company values.
November 11, 2025 04:23 PM
Sydney Klein
Sydney Klein is Global Chief Information Security Officer and Head of Enterprise IT at Bristol Myers Squibb (BMS) where she leads cybersecurity,...
November 11, 2025 08:00 AM
Bernstein Assigns Bristol-Myers Squibb Company (BMY) a Hold Rating
Bristol-Myers Squibb Company (NYSE:BMY) is one of the best undervalued stocks to buy under $50. Bristol-Myers Squibb Company (NYSE:BMY) was...
November 05, 2025 08:00 AM
Bristol Myers reaches $239 million settlement over psoriasis, MS drugs
(Reuters) -Bristol Myers Squibb reached a $239 million settlement of claims that former Celgene shareholders were defrauded about prospects...
October 30, 2025 07:00 AM
Bristol Myers Squibb (BMY) Q3 Earnings and Revenues Surpass Estimates
Bristol Myers (BMY) delivered earnings and revenue surprises of +10.14% and +3.33%, respectively, for the quarter ended September 2025.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
BMS CyberSecurity History Information
Official Website of Bristol Myers Squibb
The official website of Bristol Myers Squibb is http://www.bms.com.
Bristol Myers Squibb’s AI-Generated Cybersecurity Score
According to Rankiteo, Bristol Myers Squibb’s AI-generated cybersecurity score is 821, reflecting their Good security posture.
How many security badges does Bristol Myers Squibb’ have ?
According to Rankiteo, Bristol Myers Squibb currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Bristol Myers Squibb have SOC 2 Type 1 certification ?
According to Rankiteo, Bristol Myers Squibb is not certified under SOC 2 Type 1.
Does Bristol Myers Squibb have SOC 2 Type 2 certification ?
According to Rankiteo, Bristol Myers Squibb does not hold a SOC 2 Type 2 certification.
Does Bristol Myers Squibb comply with GDPR ?
According to Rankiteo, Bristol Myers Squibb is not listed as GDPR compliant.
Does Bristol Myers Squibb have PCI DSS certification ?
According to Rankiteo, Bristol Myers Squibb does not currently maintain PCI DSS compliance.
Does Bristol Myers Squibb comply with HIPAA ?
According to Rankiteo, Bristol Myers Squibb is not compliant with HIPAA regulations.
Does Bristol Myers Squibb have ISO 27001 certification ?
According to Rankiteo,Bristol Myers Squibb is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Bristol Myers Squibb
Bristol Myers Squibb operates primarily in the Pharmaceutical Manufacturing industry.
Number of Employees at Bristol Myers Squibb
Bristol Myers Squibb employs approximately 38,467 people worldwide.
Subsidiaries Owned by Bristol Myers Squibb
Bristol Myers Squibb presently has no subsidiaries across any sectors.
Bristol Myers Squibb’s LinkedIn Followers
Bristol Myers Squibb’s official LinkedIn profile has approximately 1,665,425 followers.
NAICS Classification of Bristol Myers Squibb
Bristol Myers Squibb is classified under the NAICS code 3254, which corresponds to Pharmaceutical and Medicine Manufacturing.
Bristol Myers Squibb’s Presence on Crunchbase
Yes, Bristol Myers Squibb has an official profile on Crunchbase, which can be accessed here: https://www.crunchbase.com/organization/bristol-myers-squibb.
Bristol Myers Squibb’s Presence on LinkedIn
Yes, Bristol Myers Squibb maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/bristol-myers-squibb.
Cybersecurity Incidents Involving Bristol Myers Squibb
As of December 13, 2025, Rankiteo reports that Bristol Myers Squibb has experienced 1 cybersecurity incidents.
Number of Peer and Competitor Companies
Bristol Myers Squibb has an estimated 5,425 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Bristol Myers Squibb ?
Incident Types: The types of cybersecurity incidents that have occurred include Cyber Attack.
Incident Details
Can you provide details on each incident ?
Title: Bristol Myers Squibb Data Breach
Description: A data breach involving Bristol Myers Squibb (BMS) was reported by the Washington State Office of the Attorney General on June 30, 2023. The breach, discovered on May 31, 2023, involved a cyberattack (malware) that affected 2,231 Washington residents, compromising their names, Social Security numbers, and full dates of birth, among other information.
Date Detected: 2023-05-31
Date Publicly Disclosed: 2023-06-30
Type: Data Breach
Attack Vector: Malware
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Cyber Attack.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach BRI533080525
Data Compromised: Names, Social security numbers, Full dates of birth
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Names, Social Security Numbers, Full Dates Of Birth and .
Which entities were affected by each incident ?
Incident : Data Breach BRI533080525
Entity Name: Bristol Myers Squibb
Entity Type: Company
Industry: Pharmaceuticals
Customers Affected: 2231
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach BRI533080525
Type of Data Compromised: Names, Social security numbers, Full dates of birth
Number of Records Exposed: 2231
Sensitivity of Data: High
References
Where can I find more information about each incident ?
Incident : Data Breach BRI533080525
Source: Washington State Office of the Attorney General
Date Accessed: 2023-06-30
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Washington State Office of the Attorney GeneralDate Accessed: 2023-06-30.
Additional Questions
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2023-05-31.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2023-06-30.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Names, Social Security numbers, Full dates of birth and .
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Social Security numbers, Names and Full dates of birth.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 224.0.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident is Washington State Office of the Attorney General.
.png)
Latest Global CVEs (Not Company-Specific)
Description
LibreChat is a ChatGPT clone with additional features. In versions 0.8.0 and below, there is no handler for JSON parsing errors; SyntaxError from express.json() includes user input in the error message, which gets reflected in responses. User input (including HTML/JavaScript) can be exposed in error responses, creating an XSS risk if Content-Type isn't strictly enforced. This issue does not have a fix at the time of publication.
Risk Information
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
LibreChat is a ChatGPT clone with additional features. In versions 0.8.0 and below, when creating prompts, JSON requests are sent to define and modify the prompts via PATCH endpoint for prompt groups (/api/prompts/groups/:groupId). However, the request bodies are not sufficiently validated for proper input, enabling users to modify prompts in a way that was not intended as part of the front end system. The patchPromptGroup function passes req.body directly to updatePromptGroup() without filtering sensitive fields. This issue is fixed in version 0.8.1.
Risk Information
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
LibreChat is a ChatGPT clone with additional features. In versions 0.8.0 and below, when a user posts a question, the iconURL parameter of the POST request can be modified by an attacker. The malicious code is then stored in the chat which can then be shared to other users. When sharing chats with a potentially malicious “tracker”, resources loaded can lead to loss of privacy for users who view the chat link that is sent to them. This issue is fixed in version 0.8.1.
Risk Information
cvss4
Base: 8.6
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
MaxKB is an open-source AI assistant for enterprise. Versions 2.3.1 and below have improper file permissions which allow attackers to overwrite the built-in dynamic linker and other critical files, potentially resulting in privilege escalation. This issue is fixed in version 2.4.0.
Risk Information
cvss3
Base: 8.8
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Description
MaxKB is an open-source AI assistant for enterprise. In versions 2.3.1 and below, the tool module allows an attacker to escape the sandbox environment and escalate privileges under certain concurrent conditions. This issue is fixed in version 2.4.0.
Risk Information
cvss3
Base: 8.8
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=bristol-myers-squibb' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
