What is the official website of CCF ?

The official website of CCF is http://www.ccf-france.fr.

What is CCF's cybersecurity risk score?

CCF has an AI-generated cybersecurity risk score of 756 out of 1000, indicating a Fair security posture according to Rankiteo's assessment.

How many security incidents has CCF experienced?

According to Rankiteo, CCF currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Has CCF been affected by any supply chain cyber incidents ?

According to Rankiteo, CCF has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.

Does CCF have SOC 2 Type 1 certification ?

According to Rankiteo, CCF is not certified under SOC 2 Type 1.

Does CCF have SOC 2 Type 2 certification ?

According to Rankiteo, CCF does not hold a SOC 2 Type 2 certification.

Does CCF comply with GDPR ?

According to Rankiteo, CCF is not listed as GDPR compliant.

Does CCF have PCI DSS certification ?

According to Rankiteo, CCF does not currently maintain PCI DSS compliance.

Does CCF comply with HIPAA ?

According to Rankiteo, CCF is not compliant with HIPAA regulations.

Does CCF have ISO 27001 certification ?

According to Rankiteo,CCF is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Which industry does CCF operate in ?

CCF operates primarily in the Retail Office Equipment industry.

How many employees does CCF have ?

CCF employs approximately 235 people worldwide.

Does CCF own any subsidiaries ?

CCF presently has no subsidiaries across any sectors.

How many LinkedIn followers does CCF have ?

CCF's official LinkedIn profile has approximately 4,721 followers.

What is the NAICS classification code for CCF ?

CCF is classified under the NAICS code 45321, which corresponds to Office Supplies and Stationery Stores.

Does CCF have a Crunchbase profile ?

No, CCF does not have a profile on Crunchbase.

Does CCF have a LinkedIn profile ?

Yes, CCF maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/ccf-sonepar.

How many cybersecurity incidents has CCF experienced ?

As of June 14, 2026, Rankiteo reports that CCF has not experienced any cybersecurity incidents.

How many peer or competitor companies does CCF have ?

CCF has an estimated 2,185 peer or competitor companies worldwide.

NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop

WindowsmacOSLinux

Download

Badge your company to reduce your risk score and your cyber insurance costs!

Link verified badges to your company page to build trust with insurers and customers.

Apply now and get your badge!

Internal validation & live display

Insurers and partners see a safer profile

Faster underwriting decisions

Trusted by insurers. Chosen by leaders.

Proud contributor to the Society of Actuaries.

CCF

Boost Score +25 with badge (5 left)

756

/1000

Fair

781

/1000

Fair

CCF Vendor Cyber Rating & Cyber Score

ccf-france.fr

Add Your Compliance Badge

CCF Sonepar, distributeur SPÉCIALISÉ en solutions techniques, matériels et service associés autour du COURANT FAIBLE (vidéoprotection & vidéosurveillance, Datacom, alarme intrusion, interphonie, contrôle d’accès, VMS, alarme incendie...) exclusivement réservé aux professionnels. CCF Sonepar, une filiale du groupe Sonepar au service des installateurs depuis +de 50 ans. www.ccf-france.fr CCF est présent en France avec 12 agences et stocks de proximité ainsi qu'une expertise technique reconnue.

CCF A.I CyberSecurity Scoring

Scoring History

CCF

CCF CyberSecurity News & History

Past Incidents

Attack Types

Entity

Type

Severity

Impact

Seen

Blog Details

Supply Chain Source

Incident Details

View

No data available

Loading…

A.I.

CCF Company Scoring based on AI Models

Cyber Incidents Likelihood 3 - 6 - 9 months

Actual

Prediction

Incident Predictions locked

Access Monitoring Plan

A.I Risk Score Likelihood 3 - 6 - 9 months

Actual

Prediction A

Prediction B

Prediction C

Prediction D

A.I. Risk Score Predictions locked

Access Monitoring Plan

Loading…

Underwriter Stats for CCF

Incidents vs Retail Office Equipment Industry Avg (This Year)

No incidents recorded for CCF in 2026.

Incidents vs All-Companies Average (This Year)

No incidents recorded for CCF in 2026.

Incident Types CCF vs Retail Office Equipment Industry Avg (This Year)

No incidents recorded for CCF in 2026.

Incident History - CCF (X = Date, Y = Severity)

Loading…

SUBSIDIARY

CCF Subsidiaries

CCF

Retail Office Equipment

Website: http://www.ccf-france.fr

Company Size: 235

Sonepar FranceWholesale

SoneparWholesale

Technische UnieWholesale

Technische Unie DuurzaamConstruction

Technische Unie Datacom & Smart BuildingTransportation, Logistics, Supply Chain and Storage

Technische Unie IndustrieWholesale

Technische Unie LichtWholesale

TU CampusWholesale

Nortel Suprimentos Industriais S.A.Wholesale

Dimensional BrasilWholesale

Sonepar BrasilWholesale

DW Material ElétricoWholesale

EtilRetail

Sonepar ItaliaWholesale

Sacchi ElettrofornitureWholesale

Sonepar IndiaWholesale

Sonepar EspañaWholesale

Masibus Automation And Instrumentation Pvt. Ltd.Appliances, Electrical, and Electronics Manufacturing

Sonepar ColombiaWholesale

Sonepar Deutschland GmbHWholesale

Sonepar PerúAppliances, Electrical, and Electronics Manufacturing

EletronorWholesale

Sonepar SverigeWholesale

Sonepar Sverige SäkerhetWholesale

斯堪的亚电子（上海）有限公司Telecommunications

Sonepar SverigeWholesale Building Materials

Van Egmond GroepWholesale

CebeoWholesale

MayflexInformation Technology & Services

Excel Networking SolutionsIT Services and IT Consulting

RoutecoIndustrial Automation

Routeco NetherlandsIndustrial Automation

Routeco BeLuxIndustrial Automation

AutoLogic Systems Ltd.Transportation, Logistics, Supply Chain and Storage

Routeco AustriaAutomation Machinery Manufacturing

Routeco SwitzerlandAutomation Machinery Manufacturing

Corys ElectricalWholesale

Sonepar CanadaWholesale

LumenWholesale

TexcanWholesale

ElectrozadWholesale

Aztec Electrical Supply Inc.Automation Machinery Manufacturing

MGM (Now Dixon Electric)Wholesale

GescanWholesale

Dixon ElectricWholesale

Sonepar Suisse AGWholesale

Sonepar PolskaWholesale

Warren Del CaribeWholesale

Vallen AsiaWholesale

KVC | A Sonepar CompanyWholesale Appliances, Electrical, and Electronics

Sonepar USAWholesale

Viking ElectricWholesale

Crawford Electric SupplyWholesale

OneSource DistributorsWholesale

Irby Co.Wholesale

Capital ElectricWholesale

NorthEast ElectricalWholesale

Cooper ElectricAppliances, Electrical, and Electronics Manufacturing

North Coast ElectricWholesale

World Electric SupplyElectrical Equipment Manufacturing

Irby UtilitiesUtilities

Springfield ElectricWholesale

Codale Electric SupplyWholesale

Professional Electric Products Company (PEPCO)Wholesale

HOLT Electrical SupplyWholesale

QEDWholesale

Billows Electric SupplyConstruction

Independent Electric SupplyWholesale

Nedco SupplyWholesale

Cardi BelysningArchitecture and Planning

UbelWholesale

Sonepar ChileWholesale

Sonepar Österreich GmbHWholesale

Sonepar Suomi OyWholesale

Sonepar Česká republika spol. s r.o.Wholesale

HoST Pte Ltd ( A Sonepar Company )Wholesale

Sonepar ChinaWholesale

Alcione | A Sonepar CompanyWholesale

Sonepar IndustryWholesale

Sonepar México & CaribeWholesale

Sonepar BuildingWholesale

Sonepar ThailandWholesale

Sonepar Thailand CareerWholesale

Helifors ASWholesale

Sonepar Romania SRLWholesale

Sonepar Magyarország Kft.Wholesale

Sonepar Norge ASWholesale

Sonepar PortugalWholesale

Lawrence & HansonWholesale

Pacific DatacomInformation Technology & Services

Lawrence & Hanson Sustainability SolutionsRenewable Energy Semiconductor Manufacturing

Specialised Lighting SolutionsRenewable Energy Semiconductor Manufacturing

Lawrence & Hanson Industrial Automation SA/NTWholesale

Sonic AutomationWholesale

AldianceWholesale

Loading…

CCF Similar Companies

Grainger

https://www.grainger.com/?gucid=N:N:SM:Organic:LN:CSM-4520:Y1IDXW:20240420:APZ_1

As a leading business-to-business organization, more than 4.5 million customers worldwide rely on Grainger for products in categories such as safety, material handling and metalworking, along with services like inventory management and technical support. For our Team Members, Grainger provides value for customers, fostering an engaging culture and driving strong financial results. Our welcoming workplace enables you to learn, grow and make a difference by keeping businesses running and their people safe. For our customers we offer more than a million industrial-quality products, a consultative sales approach, technical and product expertise, a premium digital experience and the ability to get the right products to youright when you need them. Count on us for supplies and solutions for every industry. Visit Grainger.com® to learn more.

Staples

cb staples.com

For nearly 40 years, Staples has been a trusted leader in delivering end-to-end workplace solutions for consumers and businesses of all sizes across a broad range of industries. The company provides a comprehensive portfolio of products, strategic solutions, and services including print and marketing, shipping, technology, and travel. Its specialized assortment includes high-quality office supplies, janitorial products, technology, furniture, and breakroom essentials, all supported by best-in-class supply chain capabilities and a dedicated team of experts committed to making the workday easier. Headquartered near Boston, Massachusetts, Staples operates throughout North America via direct B2B sales, e-commerce, and more than 900 retail stores. To learn more, visit your local U.S. Staples store, download the Staples app, explore Staples.com or StaplesBusiness.com, or follow @Staples on social media.

The ODP Corporation

cb theodpcorp.com

The ODP Corporation (NASDAQ:ODP) is a leading provider of products and services through an integrated business-to-business (B2B) distribution platform and omnichannel presence, which includes world-class supply chain and distribution operations, dedicated sales professionals, a B2B digital procurement solution, online presence, and a network of Office Depot and OfficeMax retail stores. Through its operating companies Office Depot, LLC; ODP Business Solutions, LLC; Veyer, LLC; and Varis, LLC, The ODP Corporation empowers every business, professional, and consumer to achieve more every day.

Office Depot

cb odp.biz

Office Depot, LLC, an operating company of The ODP Corporation, is a leading specialty retailer providing innovative products and services delivered through a fully integrated omnichannel platform of Office Depot and OfficeMax retail stores and an award-winning online presence, OfficeDepot.com, to support the productivity and organization of its small business, home office and education clients. Office Depot is committed to enabling its clients’ success, strengthening local communities and providing equal opportunities for all. For more information, visit officedepot.com, download the Office Depot app on your iPhone or Android and follow @officedepot on LinkedIn, Facebook, Twitter, Instagram and TikTok. Office Depot is a trademark of The Office Club, Inc. OfficeMax is a trademark of OMX, Inc. ©2023 Office Depot, LLC. All rights reserved. Any other product or company names mentioned herein are the trademarks of their respective owners.

Loading…

NEWS

CCF CyberSecurity News

Latest updates, reports, and threat intel affecting the global network.

October 09, 2025 07:00 AM

Liberals revise border bill following CCF pushback

TORONTO – The federal Carney government has separated privacy-threatening provisions from its border security bill, C-2, into a new bill...

Read Article

October 01, 2025 07:00 AM

Bill C-8 would allow minister to secretly cut off phone, Internet service, CCF warns

The CCF is also concerned that Bill C-8 would allow the minister to weaken telecommunications companies' encryption standards, allowing for...

Read Article

September 19, 2025 07:00 AM

Tripwires Trigger Change: How Detection Engineering Elevates Cybersecurity

Detection engineering is emerging as a critical defense strategy in cybersecurity — and at Cleveland Clinic, it's driving measurable...

Read Article

August 05, 2025 07:00 AM

Cisco, CCF train Africans in conservation technology

Connected Conservation Foundation and Cisco Networking Academy have launched a free Protected Area Technician Training Program and in-field...

Read Article

July 24, 2025 07:00 AM

Printer Consolidation Cuts Cost, Brings New Mindset

Thoughtful collaboration, data-driven decisions and effective change management led to a reduction in printing expenses by one-third.

Read Article

July 18, 2025 07:00 AM

Microsoft Updates Blockchain Framework CCF

Microsoft enhances its CCF framework, enabling confidential blockchain applications with improved governance and secure multi-party...

Read Article

June 17, 2025 07:00 AM

10 Reasons Why You Need to Be At Convene: Cleveland

If you work at the intersection of people and security, then you got to join us this summer in Cleveland for our Convene conference.

Read Article

May 20, 2025 07:00 AM

Implementing an effective cybersecurity metrics program

As cybersecurity programs mature, the ability to communicate progress, risk, and impact to a broad set of stakeholders becomes increasingly...

Read Article

April 18, 2025 07:00 AM

Cleveland Clinic Leads First Transcontinental HIFU Procedure To Treat Prostate Cancer

The historic collaboration connected two Cleveland Clinic locations, enabling a real-time sharing of metrics and surgical progress.

Read Article

Loading…

CVE

Latest

Global CVEs (Not Company-Specific)

CVE-2026-12175

SUMMARY

A vulnerability was detected in CodeAstro Student Attendance Management System 1.0. Impacted is an unknown function of the file /attendance-php/Admin/createStudents.php. Performing a manipulation of the argument admissionNumber results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be used.

Published

Date2026-06-13

Updated

Date2026-06-13

RISK INFORMATION (Score: 4.7)

cvss2

Base Score: 5.8

Complexity: LOW

AV:N/AC:L/Au:M/C:P/I:P/A:P

cvss3

Base Score: 4.7

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

cvss4

Base Score: 2.0

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

3.4

Exploitability

1.2

REFERENCES

CVE-2026-12174

SUMMARY

A security vulnerability has been detected in D-Link DCS-935L 1.10.01. This issue affects the function snprintf of the file /web/cgi-bin/greece/rhea of the component HTTP Handler. Such manipulation of the argument data leads to format string. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.

Published

Date2026-06-13

Updated

Date2026-06-13

RISK INFORMATION (Score: 8.8)

cvss2

Base Score: 9.0

Complexity: LOW

AV:N/AC:L/Au:S/C:C/I:C/A:C

cvss3

Base Score: 8.8

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

cvss4

Base Score: 7.4

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

5.9

Exploitability

2.8

REFERENCES

CVE-2026-12183

SUMMARY

Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 through 2.10.2 on Linux contains an Improper Authentication vulnerability (CWE-287) in the system configuration module. The /php/ajax-login.php endpoint returns userid=1 (administrator) in response to any HTTP POST request that supplies arbitrary credentials (e.g., action=dologin&login=<any_value>&pwd=<any_value>), and subsequent privileged endpoints under /php/ajax-main.php and /modules/* do not validate a server-side session. A remote unauthenticated attacker can invoke any administrative action exposed by the configuration module, including reading and modifying user rules, fuel tank gauges, fuel dispensers, relays, cash registers, bank terminals, fuel cards, price and customer displays, cash collection, and pricing rules.

Published

Date2026-06-13

Updated

Date2026-06-13

RISK INFORMATION (Score: 9.8)

cvss3

Base Score: 9.8

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

cvss4

Base Score: 9.3

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

5.9

Exploitability

3.9

REFERENCES

CVE-2026-6428

SUMMARY

SQL Injection in reports/catalogue_out.pl in Koha Community Koha through 22.11.37, 23.x, 24.x before 24.11.16, 25.05.x before 25.05.11, 25.11.x before 25.11.05, 26.05.x before 26.05.01, and 26.11.x before 26.11.00 allows an authenticated staff user with the Reports module flag to read arbitrary data from the Koha application database via the Filter URL parameter when the Criteria parameter matches /branchcode/. The vulnerable sink in sub calculate concatenates the unmodified Filter request parameter directly into a LIKE clause of the auxiliary $strsth2 statement and executes it via DBI without bound parameters: my $f = @$filters[0]; $f =~ s/\*/%/g; $strsth2 .= " AND $column LIKE '$f' "; This enables error-based SQL injection (e.g., via EXTRACTVALUE) and full read access to sensitive tables including borrowers (password hashes, 2FA secrets, PII), borrower_password_recovery, api_keys, and sessions. Proof of concept (error-based, single request): GET /cgi-bin/koha/reports/catalogue_out.pl?do_it=1&output=screen&Limit=10&Criteria=branchcode&Filter=x'+AND+EXTRACTVALUE(1,CONCAT(0x7e,VERSION(),0x7c,USER(),0x7c,DATABASE(),0x7e))--+- Cookie: CGISESSID=<LIBRARIAN_SESSION> The response body contains the DBI exception leaking the MariaDB version, database user, client IP, and database name, after which arbitrary data can be paged out using LIMIT n,1 / SUBSTRING(...). The vulnerable sink was introduced in commit 6bb77ae3e4 (2008-07-09); CVE-2015-4633 patched the same class in sibling files but did not generalise the fix to reports/catalogue_out.pl. Fixed in Koha 22.11.38, 24.11.16, 25.05.11, 25.11.05, 26.05.01, and 26.11.00 by replacing the raw concatenation with a parameterised placeholder.

Published

Date2026-06-13

Updated

Date2026-06-13

RISK INFORMATION (Score: 7.6)

cvss2

Base Score: 7.5

Complexity: LOW

AV:N/AC:L/Au:S/C:C/I:N/A:P

cvss3

Base Score: 7.6

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

cvss4

Base Score: 5.6

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:C/RE:X/U:Amber

Impact Score

4.7

Exploitability

2.8

REFERENCES

CVE-2026-5513

SUMMARY

The Online Scheduling and Appointment Booking System – Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bookly-customer-full-name' cookie in versions up to, and including, 27.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Exploitation requires 'Remember personal information in cookies' setting to be enabled (disabled by default).

Published

Date2026-06-13

Updated

Date2026-06-13

RISK INFORMATION (Score: 7.2)

cvss3

Base Score: 7.2

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Impact Score

2.7

Exploitability

3.9

REFERENCES

Loading…

API

Access Data Using Our API

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?
linkedin_id=axa' -H 'apikey: YOUR_API_KEY_HERE'

Try It API Documentation Rapid

MEASURE

What Do We Measure ?

Incident

Finding

Grade

Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network SecurityIdentify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat IntelligenceLeverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo

By Rankiteo

★ ★ ★ ★ ★

View on G2.com

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.

View latest plans →View all security reports →

MILESTONEG

Users
Love Us

Loading…