Comparison Overview

Canadian Tire Corporation

VS

Speedway

Canadian Tire Corporation

2180 Yonge St, Toronto, Ontario, CA, M4S 2B9
Last Update: 2025-11-23
View Profile
Between 650 and 699
http://corp.canadiantire.ca/

Canadian Tire Corporation, Limited (“CTC”) is one of Canada’s most admired and trusted companies. With world-class owned brands and exciting market-leading merchandising strategies, we are continually innovating with purpose: to be there for Canadians from coast-to-coast. We are a group of companies that includes a retail segment, a financial services division and CT REIT. Our retail business is led by Canadian Tire, which was founded in 1922 and provides Canadians with products for life in Canada across its Living, Playing, Fixing, Automotive and Seasonal & Gardening categories. Party City, PartSource and Gas+ are key parts of the Canadian Tire network. Our retail segment also includes Mark's, a leading source for casual and industrial wear, Pro Hockey Life, a hockey speciality store catering to elite athletes, and SportChek, Hockey Experts, Sports Experts, and Atmosphere, which offer the best active wear brands. Our 1,700 retail and gasoline outlets are supported and strengthened by our Financial Services division and the tens of thousands of people employed across the country by our Company, local Dealers, franchisees and petroleum retailers. In addition, CTC owns and operates Helly Hansen, a leading technical outdoor brand based in Oslo, Norway. CTC is an integral part of the communities in which we operate and our legacy of community support, through national and local programs, is initiated and executed by our Corporation, Dealers, franchisees, store operators and employees. Since 2005, our Canadian Tire Jumpstart Charities has been helping kids overcome financial and accessibility barriers to sport and recreation in an effort to provide inclusive play for all kids of all abilities. For more information, visit corp.canadiantire.ca.

NAICS: 43
NAICS Definition: Retail Trade
Employees: 28,665
Subsidiaries: 0
12-month incidents
2
Known data breaches
2
Attack type number
1
View Profile

Speedway

500 Speedway Drive, Enon, OH, US, 45323
Last Update: 2025-11-23
Between 700 and 749
http://speedway.com/careers

Speedway operates across the U.S., predominately in the Midwest and East Coast. In May 2021, 7-Eleven acquired 3,800 Speedway Stores from Marathon Petroleum Corp., increasing 7-Eleven’s total number of stores to more than 13,000 in the U.S. and Canada and allowing 7-Eleven to bring convenience to more customers than ever before. Learn more about 7-Eleven and their family of brands here: https://corp.7-eleven.com/corp/about

NAICS: 43
NAICS Definition: Retail Trade
Employees: 18,314
Subsidiaries: 0
12-month incidents
0
Known data breaches
1
Attack type number
2

Compliance Badges Comparison

Security & Compliance Standards Overview

https://images.rankiteo.com/companyimages/canadian-tire.jpeg
Canadian Tire Corporation
ISO 27001
ISO 27001 certification not verified
Not verified
SOC2 Type 1
SOC2 Type 1 certification not verified
Not verified
SOC2 Type 2
SOC2 Type 2 certification not verified
Not verified
GDPR
GDPR certification not verified
Not verified
PCI DSS
PCI DSS certification not verified
Not verified
HIPAA
HIPAA certification not verified
Not verified
https://images.rankiteo.com/companyimages/speedway.jpeg
Speedway
ISO 27001
ISO 27001 certification not verified
Not verified
SOC2 Type 1
SOC2 Type 1 certification not verified
Not verified
SOC2 Type 2
SOC2 Type 2 certification not verified
Not verified
GDPR
GDPR certification not verified
Not verified
PCI DSS
PCI DSS certification not verified
Not verified
HIPAA
HIPAA certification not verified
Not verified
Compliance Summary
Canadian Tire Corporation
100%
Compliance Rate
0/4 Standards Verified
Speedway
0%
Compliance Rate
0/4 Standards Verified

Benchmark & Cyber Underwriting Signals

Incidents vs Retail Industry Average (This Year)

Canadian Tire Corporation has 471.43% more incidents than the average of same-industry companies with at least one recorded incident.

Incidents vs Retail Industry Average (This Year)

No incidents recorded for Speedway in 2025.

Incident History — Canadian Tire Corporation (X = Date, Y = Severity)

Canadian Tire Corporation cyber incidents detection timeline including parent company and subsidiaries

Incident History — Speedway (X = Date, Y = Severity)

Speedway cyber incidents detection timeline including parent company and subsidiaries

Notable Incidents

Last 3 Security & Risk Events by Company

https://images.rankiteo.com/companyimages/canadian-tire.jpeg
Canadian Tire Corporation
Incidents

Date Detected: 10/2025
Type:Breach
Blog: Blog

Date Detected: 5/2025
Type:Breach
Blog: Blog
https://images.rankiteo.com/companyimages/speedway.jpeg
Speedway
Incidents

Date Detected: 4/2023
Type:Breach
Blog: Blog

Date Detected: 4/2023
Type:Cyber Attack
Attack Vector: Credential Stuffing
Blog: Blog

FAQ

Speedway company demonstrates a stronger AI Cybersecurity Score compared to Canadian Tire Corporation company, reflecting its advanced cybersecurity posture governance and monitoring frameworks.

Canadian Tire Corporation and Speedway have experienced a similar number of publicly disclosed cyber incidents.

In the current year, Canadian Tire Corporation company has reported more cyber incidents than Speedway company.

Neither Speedway company nor Canadian Tire Corporation company has reported experiencing a ransomware attack publicly.

Both Speedway company and Canadian Tire Corporation company have disclosed experiencing at least one data breach.

Speedway company has reported targeted cyberattacks, while Canadian Tire Corporation company has not reported such incidents publicly.

Neither Canadian Tire Corporation company nor Speedway company has reported experiencing or disclosing vulnerabilities publicly.

Neither Canadian Tire Corporation nor Speedway holds any compliance certifications.

Neither company holds any compliance certifications.

Neither Canadian Tire Corporation company nor Speedway company has publicly disclosed detailed information about the number of their subsidiaries.

Canadian Tire Corporation company employs more people globally than Speedway company, reflecting its scale as a Retail.

Neither Canadian Tire Corporation nor Speedway holds SOC 2 Type 1 certification.

Neither Canadian Tire Corporation nor Speedway holds SOC 2 Type 2 certification.

Neither Canadian Tire Corporation nor Speedway holds ISO 27001 certification.

Neither Canadian Tire Corporation nor Speedway holds PCI DSS certification.

Neither Canadian Tire Corporation nor Speedway holds HIPAA certification.

Neither Canadian Tire Corporation nor Speedway holds GDPR certification.

Latest Global CVEs (Not Company-Specific)

Description

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.

Published
Date
2025-11-26
Updated
Date
2025-11-26
Risk Information
cvss4
Base: 7.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.

Published
Date
2025-11-26
Updated
Date
2025-11-26
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.

Published
Date
2025-11-26
Updated
Date
2025-11-26
Risk Information
cvss4
Base: 6.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.

Published
Date
2025-11-26
Updated
Date
2025-11-26
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References
Description

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.

Published
Date
2025-11-26
Updated
Date
2025-11-26
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References