CBC
Company Details
Linkedin ID:
cbc
Website:
Employees number:
6,767
Number of followers:
86,788
NAICS:
515
Industry Type:
Homepage:
cbc.ca
IP Addresses:
0
Company ID:
CBC_2720880
Scan Status:
In-progress
CBC Company CyberSecurity Posture
cbc.ca
CBC/Radio-Canada is Canada's national public broadcaster and one of its largest cultural institutions. The Corporation is a leader in reaching Canadians on new platforms and delivers a comprehensive range of radio, television, Internet, and satellite-based services. Deeply rooted in the regions, CBC/Radio-Canada is the only domestic broadcaster to offer diverse regional and cultural perspectives in English, French and eight Aboriginal languages. ___ Community guidelines: https://www.cbc.ca/aboutcbc/discover/submissions.html
CBC A.I CyberSecurity Scoring
CBC Risk Score (AI oriented)Between 750 and 799
CBC
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
CBC Global Score (TPRM)XXXX
CBC
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
CBC Company CyberSecurity News & History
Past Incidents
1
Attack Types
1
CBC
Breach
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: The CBC's more than 20,000 of its past, present, and contract employees personal and financial information were at risk after a break-in and the theft of computer equipment. An intruder broke into a secure area of CBC/Radio-Canada & stole a piece of computer equipment. The stolen equipment contains electronic files, including some financial information. A letter has been sent to the home addresses of all employees detailing the information that has been put at risk including names, bank accounts, and amounts deposited into bank accounts by CBC. CBC has budgeted $300,000 to cover the cost of notifying those affected by the breach and providing employees with a year's worth of credit monitoring and insurance against identity theft.
CBC Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for CBC
Incidents vs Broadcast Media Production and Distribution Industry Average (This Year)
No incidents recorded for CBC in 2026.
Incidents vs All-Companies Average (This Year)
No incidents recorded for CBC in 2026.
Incident Types CBC vs Broadcast Media Production and Distribution Industry Avg (This Year)
No incidents recorded for CBC in 2026.
Incident History — CBC (X = Date, Y = Severity)
CBC cyber incidents detection timeline including parent company and subsidiaries
CBC Company Subsidiaries
CBC/Radio-Canada is Canada's national public broadcaster and one of its largest cultural institutions. The Corporation is a leader in reaching Canadians on new platforms and delivers a comprehensive range of radio, television, Internet, and satellite-based services. Deeply rooted in the regions, CBC/Radio-Canada is the only domestic broadcaster to offer diverse regional and cultural perspectives in English, French and eight Aboriginal languages. ___ Community guidelines: https://www.cbc.ca/aboutcbc/discover/submissions.html
Loading...
CBC Similar Companies
CBC/Radio-Canada
CBC/Radio-Canada is Canada's national public broadcaster and a strong advocate of Canadian culture. We offer a unique space and a fresh Canadian perspective with unmatched cultural, musical and documentary programming. We do it in French, English and eight Aboriginal languages. Our activities prom
ESPN
ESPN is the leading multiplatform sports entertainment brand that features seven U.S. television networks, the leading sports app, direct-to-consumer ESPN+, leading social and digital platforms, ESPN.com, ESPN Audio, endeavors on every continent around the world, and more. ESPN is 80 percent owned b
iHeartMedia
iHeartMedia, Inc. [Nasdaq: IHRT] is the leading audio media company in America, with 90% of Americans listening to iHeart broadcast radio in every month. iHeart’s broadcast radio assets alone have a larger audience in the U.S. than any other media outlet; twice the size of the next largest broadcast
Fox Corporation
Under the FOX banner, we produce and distribute content through some of the world’s leading and most valued brands, including: FOX News Media, FOX Sports, FOX Entertainment, FOX Television Stations and Tubi Media Group. We empower a diverse range of creators to imagine and develop culturally signifi
Sky
Sky connects and entertains millions of people across Europe. At the heart of everything we do, is a belief that people deserve better. For decades, we’ve shaken up every category we entered to give people what they love, to make life a little easier and to provide great value. That’s how we bring m
MultiChoice Group
MultiChoice Group is a leading entertainment company and we’re home to some of the most recognised brands on the continent. Our entertainment platforms – DStv, GOtv, Showmax and DStv Now – are a hub for more than 19 million people across 50 countries. Through Irdeto, we‘re a world leader in content
.png)
CBC CyberSecurity News
January 20, 2026 12:24 AM
Infrastructure failure and cybersecurity threats top list of risks for City of Calgary
A new report finds critical infrastructure is at greater risk of failure in Calgary than it has been in the past, with 11 per cent of...
January 06, 2026 08:00 AM
Woodstock turns to online voting to boost turnout, but experts raise security concerns
As Woodstock becomes one of the latest municipalities in Ontario to adopt online voting for local elections, cybersecurity experts warn of...
January 05, 2026 08:00 AM
Aurora College suspends classes after cyberattack
Aurora College in the N.W.T. has suspended all classes this week after the school's network was subject to a cyberattack over the holidays.
December 29, 2025 08:00 AM
Nova Scotia Power incident report sheds some light on cyberattack response
The utility submitted an incident report to the province's energy board on Tuesday after the board asked Nova Scotia Power to provide more...
December 29, 2025 08:00 AM
Nova Scotia Power explains estimated billing as customers charged hundreds more than usual
Jim Harpell is dumbfounded when he looks at his power bills from this year. Harpell received an estimated bill of $2,755.78 for service...
December 23, 2025 08:00 AM
Nova Scotia Power releases report on cybersecurity breach
Nova Scotia Power releases report on cybersecurity breach ... The detailed report to the province's energy board outlines several findings about...
December 15, 2025 08:00 AM
Nova Scotia Power billed customer $500 for cottage that had power shut off for a year
Eric Orde, 89, says the power bill for the cottage he's owned outside of Annapolis Royal for 35 years is usually around $50 — not $500...
December 11, 2025 08:00 AM
Energy board to investigate Nova Scotia Power billing issues from cybersecurity breach
Nova Scotia's energy board has agreed to take a closer look at inaccurate billing and other aspects of the fallout from Nova Scotia Power's...
December 10, 2025 08:00 AM
Class-action lawsuit against Nova Scotia Power important for accountability, says law prof
A law firm has filed a class-action lawsuit against Nova Scotia Power over a cybersecurity breach earlier this year and subsequent billing...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
CBC CyberSecurity History Information
Official Website of CBC
The official website of CBC is http://www.cbc.ca.
CBC’s AI-Generated Cybersecurity Score
According to Rankiteo, CBC’s AI-generated cybersecurity score is 757, reflecting their Fair security posture.
How many security badges does CBC’ have ?
According to Rankiteo, CBC currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Has CBC been affected by any supply chain cyber incidents ?
According to Rankiteo, CBC has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.
Does CBC have SOC 2 Type 1 certification ?
According to Rankiteo, CBC is not certified under SOC 2 Type 1.
Does CBC have SOC 2 Type 2 certification ?
According to Rankiteo, CBC does not hold a SOC 2 Type 2 certification.
Does CBC comply with GDPR ?
According to Rankiteo, CBC is not listed as GDPR compliant.
Does CBC have PCI DSS certification ?
According to Rankiteo, CBC does not currently maintain PCI DSS compliance.
Does CBC comply with HIPAA ?
According to Rankiteo, CBC is not compliant with HIPAA regulations.
Does CBC have ISO 27001 certification ?
According to Rankiteo,CBC is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of CBC
CBC operates primarily in the Broadcast Media Production and Distribution industry.
Number of Employees at CBC
CBC employs approximately 6,767 people worldwide.
Subsidiaries Owned by CBC
CBC presently has no subsidiaries across any sectors.
CBC’s LinkedIn Followers
CBC’s official LinkedIn profile has approximately 86,788 followers.
NAICS Classification of CBC
CBC is classified under the NAICS code 515, which corresponds to Broadcasting (except Internet).
CBC’s Presence on Crunchbase
No, CBC does not have a profile on Crunchbase.
CBC’s Presence on LinkedIn
Yes, CBC maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/cbc.
Cybersecurity Incidents Involving CBC
As of January 22, 2026, Rankiteo reports that CBC has experienced 1 cybersecurity incidents.
Number of Peer and Competitor Companies
CBC has an estimated 4,044 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at CBC ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
What was the total financial impact of these incidents on CBC ?
Total Financial Loss: The total financial loss from these incidents is estimated to be $300 thousand.
How does CBC detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an remediation measures with credit monitoring, remediation measures with identity theft insurance, and communication strategy with letter to employees..
Incident Details
Can you provide details on each incident ?
Title: CBC Data Breach via Equipment Theft
Description: An intruder broke into a secure area of CBC/Radio-Canada and stole a piece of computer equipment containing personal and financial information of more than 20,000 past, present, and contract employees.
Type: Data Breach
Attack Vector: Physical Theft
Vulnerability Exploited: Physical Security
Threat Actor: Intruder
Motivation: Theft of Data
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Physical Access.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach CBC12317722
Financial Loss: $300,000
Data Compromised: Personal information, Financial information
Identity Theft Risk: High
Payment Information Risk: High
What is the average financial loss per incident ?
Average Financial Loss: The average financial loss per incident is $300.00 thousand.
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personal Information, Financial Information and .
Which entities were affected by each incident ?
Incident : Data Breach CBC12317722
Entity Name: CBC/Radio-Canada
Entity Type: Media Organization
Industry: Media and Broadcasting
Location: Canada
Size: Large
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach CBC12317722
Remediation Measures: Credit MonitoringIdentity Theft Insurance
Communication Strategy: Letter to Employees
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach CBC12317722
Type of Data Compromised: Personal information, Financial information
Number of Records Exposed: 20,000
Sensitivity of Data: High
File Types Exposed: Electronic Files
Personally Identifiable Information: NamesBank AccountsAmounts Deposited
What measures does the company take to prevent data exfiltration ?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Credit Monitoring, Identity Theft Insurance, .
Investigation Status
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Letter To Employees.
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Data Breach CBC12317722
Entry Point: Physical Access
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Data Breach CBC12317722
Root Causes: Inadequate Physical Security
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident was an Intruder.
Impact of the Incidents
What was the highest financial loss from an incident ?
Highest Financial Loss: The highest financial loss from an incident was $300,000.
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Personal Information, Financial Information and .
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Financial Information and Personal Information.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 20.0K.
Initial Access Broker
What was the most recent entry point used by an initial access broker ?
Most Recent Entry Point: The most recent entry point used by an initial access broker was an Physical Access.
.png)
Latest Global CVEs (Not Company-Specific)
Description
Backstage is an open framework for building developer portals, and @backstage/backend-defaults provides the default implementations and setup for a standard Backstage backend app. Prior to versions 0.12.2, 0.13.2, 0.14.1, and 0.15.0, the `FetchUrlReader` component, used by the catalog and other plugins to fetch content from URLs, followed HTTP redirects automatically. This allowed an attacker who controls a host listed in `backend.reading.allow` to redirect requests to internal or sensitive URLs that are not on the allowlist, bypassing the URL allowlist security control. This is a Server-Side Request Forgery (SSRF) vulnerability that could allow access to internal resources, but it does not allow attackers to include additional request headers. This vulnerability is fixed in `@backstage/backend-defaults` version 0.12.2, 0.13.2, 0.14.1, and 0.15.0. Users should upgrade to this version or later. Some workarounds are available. Restrict `backend.reading.allow` to only trusted hosts that you control and that do not issue redirects, ensure allowed hosts do not have open redirect vulnerabilities, and/or use network-level controls to block access from Backstage to sensitive internal endpoints.
Risk Information
cvss3
Base: 3.5
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N
Description
Backstage is an open framework for building developer portals, and @backstage/cli-common provides config loading functionality used by the backend and command line interface of Backstage. Prior to version 0.1.17, the `resolveSafeChildPath` utility function in `@backstage/backend-plugin-api`, which is used to prevent path traversal attacks, failed to properly validate symlink chains and dangling symlinks. An attacker could bypass the path validation via symlink chains (creating `link1 → link2 → /outside` where intermediate symlinks eventually resolve outside the allowed directory) and dangling symlinks (creating symlinks pointing to non-existent paths outside the base directory, which would later be created during file operations). This function is used by Scaffolder actions and other backend components to ensure file operations stay within designated directories. This vulnerability is fixed in `@backstage/backend-plugin-api` version 0.1.17. Users should upgrade to this version or later. Some workarounds are available. Run Backstage in a containerized environment with limited filesystem access and/or restrict template creation to trusted users.
Risk Information
cvss3
Base: 6.3
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Description
Backstage is an open framework for building developer portals. Multiple Scaffolder actions and archive extraction utilities were vulnerable to symlink-based path traversal attacks. An attacker with access to create and execute Scaffolder templates could exploit symlinks to read arbitrary files via the `debug:log` action by creating a symlink pointing to sensitive files (e.g., `/etc/passwd`, configuration files, secrets); delete arbitrary files via the `fs:delete` action by creating symlinks pointing outside the workspace, and write files outside the workspace via archive extraction (tar/zip) containing malicious symlinks. This affects any Backstage deployment where users can create or execute Scaffolder templates. This vulnerability is fixed in `@backstage/backend-defaults` versions 0.12.2, 0.13.2, 0.14.1, and 0.15.0; `@backstage/plugin-scaffolder-backend` versions 2.2.2, 3.0.2, and 3.1.1; and `@backstage/plugin-scaffolder-node` versions 0.11.2 and 0.12.3. Users should upgrade to these versions or later. Some workarounds are available. Follow the recommendation in the Backstage Threat Model to limit access to creating and updating templates, restrict who can create and execute Scaffolder templates using the permissions framework, audit existing templates for symlink usage, and/or run Backstage in a containerized environment with limited filesystem access.
Risk Information
cvss3
Base: 7.1
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:L
Description
FastAPI Api Key provides a backend-agnostic library that provides an API key system. Version 1.1.0 has a timing side-channel vulnerability in verify_key(). The method applied a random delay only on verification failures, allowing an attacker to statistically distinguish valid from invalid API keys by measuring response latencies. With enough repeated requests, an adversary could infer whether a key_id corresponds to a valid key, potentially accelerating brute-force or enumeration attacks. All users relying on verify_key() for API key authentication prior to the fix are affected. Users should upgrade to version 1.1.0 to receive a patch. The patch applies a uniform random delay (min_delay to max_delay) to all responses regardless of outcome, eliminating the timing correlation. Some workarounds are available. Add an application-level fixed delay or random jitter to all authentication responses (success and failure) before the fix is applied and/or use rate limiting to reduce the feasibility of statistical timing attacks.
Risk Information
cvss3
Base: 3.7
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Description
The Flux Operator is a Kubernetes CRD controller that manages the lifecycle of CNCF Flux CD and the ControlPlane enterprise distribution. Starting in version 0.36.0 and prior to version 0.40.0, a privilege escalation vulnerability exists in the Flux Operator Web UI authentication code that allows an attacker to bypass Kubernetes RBAC impersonation and execute API requests with the operator's service account privileges. In order to be vulnerable, cluster admins must configure the Flux Operator with an OIDC provider that issues tokens lacking the expected claims (e.g., `email`, `groups`), or configure custom CEL expressions that can evaluate to empty values. After OIDC token claims are processed through CEL expressions, there is no validation that the resulting `username` and `groups` values are non-empty. When both values are empty, the Kubernetes client-go library does not add impersonation headers to API requests, causing them to be executed with the flux-operator service account's credentials instead of the authenticated user's limited permissions. This can result in privilege escalation, data exposure, and/or information disclosure. Version 0.40.0 patches the issue.
Risk Information
cvss3
Base: 5.3
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
References
- https://github.com/controlplaneio-fluxcd/flux-operator/commit/084540424f6de8ba5d88fb1fd1e8472ba29afd7e
- https://github.com/controlplaneio-fluxcd/flux-operator/pull/610
- https://github.com/controlplaneio-fluxcd/flux-operator/releases/tag/v0.40.0
- https://github.com/controlplaneio-fluxcd/flux-operator/security/advisories/GHSA-4xh5-jcj2-ch8q
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=cbc' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
