Centrica
Company Details
Linkedin ID:
centrica
Website:
Employees number:
20,157
Number of followers:
146,189
NAICS:
22
Industry Type:
Homepage:
centrica.com
IP Addresses:
5
Company ID:
CEN_2520795
Scan Status:
Completed
Centrica Company CyberSecurity Posture
centrica.com
Centrica is an international energy services and solutions company, founded on a 200-year heritage of serving customers in homes and businesses. We supply energy and services to over 10 million customers, mainly in the UK and Ireland, through brands such as British Gas, Bord Gáis Energy and Centrica Business Solutions. Through our trusted brands, we deliver innovative energy and services solutions to help solve customers’ needs, supported by thousands of engineers and technicians. We are committed to energising a greener, fairer future.
Centrica A.I CyberSecurity Scoring
Centrica Risk Score (AI oriented)Between 750 and 799
Centrica
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
Centrica Global Score (TPRM)XXXX
Centrica
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
Centrica Company CyberSecurity News & History
Past Incidents
2
Attack Types
2
British Gas
Data Leak
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: British Gas has already notified 2,200 customers about the data breach, and data belonging to 1000 of its customers has been exposed online. Email addresses and account passwords were among the client records that were exposed online; the account information was uploaded to the internet text-sharing platform Pastebin. The business said that based on their research, they are positive that British Gas is not the source of the information that surfaced online. Security experts believe that someone may have used customer account information from British Gas to test other data breaches and get access to enterprise accounts.
Direct Energy LP
Ransomware
Rankiteo Explanation
Attack threatening the organization's existence
Description: The Maine Office of the Attorney General reported that Direct Energy LP experienced a data breach on November 3, 2020, due to a ransomware attack affecting approximately 249,669 individuals. The breach involved customer personal information, including financial account numbers. Written notifications to affected individuals were issued between December 2 and December 22, 2020, and identity theft protection services were offered for 24 months through Experian.
Centrica Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for Centrica
Incidents vs Utilities Industry Average (This Year)
No incidents recorded for Centrica in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Centrica in 2025.
Incident Types Centrica vs Utilities Industry Avg (This Year)
No incidents recorded for Centrica in 2025.
Incident History — Centrica (X = Date, Y = Severity)
Centrica cyber incidents detection timeline including parent company and subsidiaries
Centrica Company Subsidiaries
Centrica is an international energy services and solutions company, founded on a 200-year heritage of serving customers in homes and businesses. We supply energy and services to over 10 million customers, mainly in the UK and Ireland, through brands such as British Gas, Bord Gáis Energy and Centrica Business Solutions. Through our trusted brands, we deliver innovative energy and services solutions to help solve customers’ needs, supported by thousands of engineers and technicians. We are committed to energising a greener, fairer future.
Loading...
Centrica Similar Companies
The Saudi Electricity Company was established on the 5th of April in the year 2000, incorporated in accordance with Council of Ministers Mandate No. 169 dated November 30th, 1998, the Saudi Electricity Company was born out of the merger of smaller regional power company in the central, eastern, west
Exelon
Exelon Corporation (Nasdaq: EXC) is the nation’s largest utility company, serving more than 10 million customers through six fully regulated utilities. We believe that reliable and affordable energy is essential to a brighter, more sustainable future. We are a FORTUNE 250 company operating across
As one of the nation’s largest electric utilities, we’re bringing more clean and renewable sources of energy to Southern California. From energy storage to transportation electrification, our employees are working on innovative projects that will help cut emissions and greenhouse gases to provide
Duke Energy, a Fortune 150 company headquartered in Charlotte, N.C., is one of America’s largest energy holding companies. The company’s electric utilities serve 8.4 million customers in North Carolina, South Carolina, Florida, Indiana, Ohio and Kentucky, and collectively own 54,800 megawatts of ene
Neoenergia
Somos uma companhia de capital aberto com ações (NEOE3) negociadas na Bolsa de Valores de São Paulo. Parte do grupo espanhol Iberdrola, atuamos no Brasil desde 1997, e atualmente, somos uma das líderes do setor elétrico do país. Estamos presentes em 18 estados e no Distrito Federal, com negócios em
ACCIONA champions a different way of doing business: Business as Unusual, delivering benefits far beyond the corporate realm. Driven by the ambition to leave a positive legacy for society and design a better planet, we lead in developing solutions in renewable energy, sustainable water management,
American Electric Power
Our team at American Electric Power is committed to improving our customers' lives with reliable, affordable power. We are investing $54 billion from 2025 through 2029 to enhance service for customers and support the growing energy needs of our communities. Our nearly 16,000 employees operate and ma
PT PLN (Persero)
Indonesia State Electricity Corporation PLN has a long history in electricity industry of Indonesia. As the sole provider of electricity in Indonesia, PLN is striving to increase quality of services to all Indonesian. In 1972, in accordance with Government Regulation No.17, the State-owned Electric
Grupo Cobra
Grupo Cobra es una compañía global de 80 años de experiencia en el sector de la ingeniería industrial aplicada y servicios especializados. Contamos con un equipo de 18.700 personas especializadas en todos los campos relacionados con la ingeniería, instalación y mantenimiento industrial de infraestru
.png)
Centrica CyberSecurity News
November 24, 2025 01:30 PM
After Tenable exit, Indegy founders raise $20M Seed for Opti to tame access sprawl
Opti, an AI-native identity security startup founded in 2024, has raised a $20 million Seed round as enterprises confront mounting...
September 15, 2025 07:00 AM
Trump and Starmer expected to sign new deals on nuclear energy
During President Trump's visit to Britain this week, the U.S. and the U.K. are expected to sign several major new deals.
September 02, 2025 07:00 AM
Jaguar Land Rover ‘severely disrupted’ by cyberattack — as it happened
US stock markets have opened down, moving into a week of key economic data. The S&P 500 fell 84.15 points, or 1.3 per cent, to 6,376.11,...
May 02, 2024 07:00 AM
The human cost of cyberfraud
Wayne Johncock, former CIO of Centrica, and co-founder of an edtech venture shared his experience of being a victim of insider fraud, perpetuated at Bank of...
April 28, 2024 07:00 AM
Sublime Security: AI-Powered Programmable Email Security Company Raises $20 Million
Sublime Security, an AI-powered programmable email security platform, announced that it has raised $20 million in Series A funding.
July 26, 2022 10:19 AM
Capgemini migrates Centrica’s ERP platform to the AWS Cloud
Capgemini enabled Centrica to become more agile, lower costs, and achieve sustainability goals with Amazon Web Services platform.
January 07, 2022 08:00 AM
British Gas owner appoints Amber Rudd as a director
Ex-energy minister to join Centrica just as companies are lobbying to overhaul price cap system she helped draw up.
July 20, 2020 07:00 AM
Yaniv Vardi announced as Claroty’s new CEO
Cyber company Claroty Ltd., part of the Team8 venture group, announced on Monday that it has appointed Yaniv Vardi as the company's new CEO.
February 21, 2020 08:00 AM
FTSE 100 And Fortune 500 Businesses Join Forces To Tackle The Human-Centered Security Problem
Can the OutThink human-risk framework project solve the cybersecurity people puzzle?
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
Centrica CyberSecurity History Information
Official Website of Centrica
The official website of Centrica is http://www.centrica.com.
Centrica’s AI-Generated Cybersecurity Score
According to Rankiteo, Centrica’s AI-generated cybersecurity score is 783, reflecting their Fair security posture.
How many security badges does Centrica’ have ?
According to Rankiteo, Centrica currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Centrica have SOC 2 Type 1 certification ?
According to Rankiteo, Centrica is not certified under SOC 2 Type 1.
Does Centrica have SOC 2 Type 2 certification ?
According to Rankiteo, Centrica does not hold a SOC 2 Type 2 certification.
Does Centrica comply with GDPR ?
According to Rankiteo, Centrica is not listed as GDPR compliant.
Does Centrica have PCI DSS certification ?
According to Rankiteo, Centrica does not currently maintain PCI DSS compliance.
Does Centrica comply with HIPAA ?
According to Rankiteo, Centrica is not compliant with HIPAA regulations.
Does Centrica have ISO 27001 certification ?
According to Rankiteo,Centrica is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Centrica
Centrica operates primarily in the Utilities industry.
Number of Employees at Centrica
Centrica employs approximately 20,157 people worldwide.
Subsidiaries Owned by Centrica
Centrica presently has no subsidiaries across any sectors.
Centrica’s LinkedIn Followers
Centrica’s official LinkedIn profile has approximately 146,189 followers.
NAICS Classification of Centrica
Centrica is classified under the NAICS code 22, which corresponds to Utilities.
Centrica’s Presence on Crunchbase
No, Centrica does not have a profile on Crunchbase.
Centrica’s Presence on LinkedIn
Yes, Centrica maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/centrica.
Cybersecurity Incidents Involving Centrica
As of November 27, 2025, Rankiteo reports that Centrica has experienced 2 cybersecurity incidents.
Number of Peer and Competitor Companies
Centrica has an estimated 4,131 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Centrica ?
Incident Types: The types of cybersecurity incidents that have occurred include Ransomware and Data Leak.
How does Centrica detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an communication strategy with customer notification, and third party assistance with experian, and communication strategy with written notifications to affected individuals..
Incident Details
Can you provide details on each incident ?
Title: British Gas Data Breach
Description: British Gas has notified 2,200 customers about a data breach where data belonging to 1,000 customers was exposed online. Email addresses and account passwords were among the client records that were exposed on the internet text-sharing platform Pastebin. The business believes that British Gas is not the source of the information that surfaced online. Security experts suggest that customer account information from British Gas might have been used to test other data breaches and gain access to enterprise accounts.
Type: Data Breach
Attack Vector: Credential Stuffing
Motivation: Unauthorized Access
Title: Direct Energy LP Data Breach
Description: The Maine Office of the Attorney General reported that Direct Energy LP experienced a data breach on November 3, 2020, due to a ransomware attack affecting approximately 249,669 individuals. The breach involved customer personal information, including financial account numbers. Written notifications to affected individuals were issued between December 2 and December 22, 2020, and identity theft protection services were offered for 24 months through Experian.
Date Detected: 2020-11-03
Type: Data Breach
Attack Vector: Ransomware
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Data Leak.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach BRI1212261023
Data Compromised: Email addresses, Account passwords
Incident : Data Breach DIR1041072525
Data Compromised: Customer personal information, Financial account numbers
Identity Theft Risk: High
Payment Information Risk: High
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Email Addresses, Account Passwords, , Customer Personal Information, Financial Account Numbers and .
Which entities were affected by each incident ?
Incident : Data Breach BRI1212261023
Entity Name: British Gas
Entity Type: Company
Industry: Energy
Location: United Kingdom
Customers Affected: 2200
Incident : Data Breach DIR1041072525
Entity Name: Direct Energy LP
Entity Type: Company
Industry: Energy
Customers Affected: 249669
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach BRI1212261023
Communication Strategy: Customer Notification
Incident : Data Breach DIR1041072525
Third Party Assistance: Experian
Communication Strategy: Written notifications to affected individuals
How does the company involve third-party assistance in incident response ?
Third-Party Assistance: The company involves third-party assistance in incident response through Experian.
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach BRI1212261023
Type of Data Compromised: Email addresses, Account passwords
Number of Records Exposed: 1000
Personally Identifiable Information: Email addresses
Incident : Data Breach DIR1041072525
Type of Data Compromised: Customer personal information, Financial account numbers
Number of Records Exposed: 249669
Sensitivity of Data: High
Personally Identifiable Information: Yes
References
Where can I find more information about each incident ?
Incident : Data Breach DIR1041072525
Source: Maine Office of the Attorney General
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Maine Office of the Attorney General.
Investigation Status
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Customer Notification and Written notifications to affected individuals.
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : Data Breach BRI1212261023
Customer Advisories: Customer Notification
Incident : Data Breach DIR1041072525
Customer Advisories: Identity theft protection services offered for 24 months through Experian
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: were Customer Notification, and Identity theft protection services offered for 24 months through Experian.
Post-Incident Analysis
What is the company's process for conducting post-incident analysis ?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Experian.
Additional Questions
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2020-11-03.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Email addresses, Account passwords, , Customer personal information, Financial account numbers and .
Response to the Incidents
What third-party assistance was involved in the most recent incident ?
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was Experian.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Email addresses, Financial account numbers, Account passwords and Customer personal information.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 1.0K.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident is Maine Office of the Attorney General.
Stakeholder and Customer Advisories
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued were an Customer Notification and Identity theft protection services offered for 24 months through Experian.
.png)
Latest Global CVEs (Not Company-Specific)
Description
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.
Risk Information
cvss4
Base: 7.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
- https://github.com/angular/angular/commit/0276479e7d0e280e0f8d26fa567d3b7aa97a516f
- https://github.com/angular/angular/commit/05fe6686a97fa0bcd3cf157805b3612033f975bc
- https://github.com/angular/angular/commit/3240d856d942727372a705252f7c8c115394a41e
- https://github.com/angular/angular/releases/tag/19.2.16
- https://github.com/angular/angular/releases/tag/20.3.14
- https://github.com/angular/angular/releases/tag/21.0.1
- https://github.com/angular/angular/security/advisories/GHSA-58c5-g7wp-6w37
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 6.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=centrica' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
