CFI
Company Details
Linkedin ID:
chico-s-fas-inc
Employees number:
10,325
Number of followers:
55,958
NAICS:
43
Industry Type:
Homepage:
chicos.com
IP Addresses:
0
Company ID:
CHI_1870416
Scan Status:
In-progress
Chico's FAS, Inc. Company CyberSecurity Posture
chicos.com
Our passion for fashion and desire to inspire confidence and joy have been guiding the creation of our women’s clothing, intimates, and accessories for more than 40 years. Our portfolio consists of three brands: Chico’s, WHBM, and Soma found in over 1,000 stores throughout the United States and online. Our commitment and dedication come from our loyal customers and devoted Associates, who are equally inspired by our values. If you share our passion for fashion, we invite you to join us. Visit: https://jobs.chicos.com/
Chico's FAS, Inc. A.I CyberSecurity Scoring
CFI Risk Score (AI oriented)Between 700 and 749
CFI
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
CFI Global Score (TPRM)XXXX
CFI
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
CFI Company CyberSecurity News & History
Past Incidents
1
Attack Types
1
Chico’s FAS, Inc.
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The Vermont Office of the Attorney General reported on October 2, 2023, that Chico's FAS, Inc. experienced a data breach involving customer payment card information captured by a third-party contractor during calls at their call center. The breach occurred when the contractor was employed from May 22, 2023, to August 10, 2023. Specific details regarding the number of individuals affected and further types of information compromised are unknown.
CFI Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for CFI
Incidents vs Retail Industry Average (This Year)
No incidents recorded for Chico's FAS, Inc. in 2026.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Chico's FAS, Inc. in 2026.
Incident Types CFI vs Retail Industry Avg (This Year)
No incidents recorded for Chico's FAS, Inc. in 2026.
Incident History — CFI (X = Date, Y = Severity)
CFI cyber incidents detection timeline including parent company and subsidiaries
CFI Company Subsidiaries
Our passion for fashion and desire to inspire confidence and joy have been guiding the creation of our women’s clothing, intimates, and accessories for more than 40 years. Our portfolio consists of three brands: Chico’s, WHBM, and Soma found in over 1,000 stores throughout the United States and online. Our commitment and dedication come from our loyal customers and devoted Associates, who are equally inspired by our values. If you share our passion for fashion, we invite you to join us. Visit: https://jobs.chicos.com/
Loading...
CFI Similar Companies
华润创业有限公司
Founded in 1992, China Resources Enterprise, Limited is the Hong Kong flagship subsidiary of China Resources (Holdings) Company Limited in the comprehensive consumer goods and retail services businesses. The Company focuses on three businesses: beer, food and beverage. For the beer division, Chin
Kohl’s is a leading omnichannel retailer with more than 1,100 stores in 49 states. Kohl's business is built on a solid foundation of more than 60 million customers, an unmatched brand portfolio, industry-leading loyalty and Kohl's Card programs, a convenient and accessible nationwide store footprin
At PetSmart, we’ll do Anything for Pets. ❤️🐾 And the people who love them! Because we’re those people, too. Pets inspire and motivate us to bring our best selves to work each day. Our associates are devoted to ensuring that pets’ lives are happy and healthy. So, naturally, we’re devoted to ensuring
Wesfarmers
Wesfarmers — a diversified corporation From its origins in 1914 as a Western Australian farmers' cooperative, Wesfarmers has grown into one of Australia's largest listed companies. With headquarters in Western Australia, its diverse business operations cover: home improvement and outdoor living; ap
Canadian Tire Corporation
Canadian Tire Corporation, Limited (“CTC”) is one of Canada’s most admired and trusted companies. With world-class owned brands and exciting market-leading merchandising strategies, we are continually innovating with purpose: to be there for Canadians from coast-to-coast. We are a group of compani
Next
At Next we never underestimate what we can do. Bring your energy, play to your strengths and never shy away from change. Push yourself and back others. Make things happen that will be bigger and better than before. Come and work for one of the UK’s biggest retailers. It is everything you could ima
Bath & Body Works
We were founded on a simple idea: to make the world a brighter, happier place through the power of fragrance. As we've grown, so has our purpose and today, we help the world live more fully through the power of fragrance. We’re a team that cares about our customers and believes in giving them a rea
Sprouts is the place where goodness grows. True to its farm-stand heritage, Sprouts offers a unique grocery experience featuring an open layout with fresh produce at the heart of the store. Sprouts inspires wellness naturally with a carefully curated assortment of better-for-you products paired wit
Whole Foods Market
Whole Foods was founded in 1980 on the belief that where food comes from, and how it’s grown, matters. It meant creating quality standards, working with suppliers who achieve them, and sharing that information with our customers. And it radically changed the way people understood and shopped for foo
.png)
CFI CyberSecurity News
January 05, 2024 08:00 AM
Sycamore Partners Completes Acquisition of Chico's FAS, Inc.
Chico's FAS, Inc. (Company or Chico's FAS, NYSE: CHS) today announced the completion of its acquisition by Sycamore Partners, a private equity firm.
November 02, 2023 07:00 AM
The 2023 Security Benchmark Leaders — Chico's FAS, Inc.
Joe Biffar, Vice President, Asset Protection, Facilities and HQ Operations at Chico's FAS, Inc. discusses the company's approach to crisis...
June 21, 2023 07:00 AM
Chico's FAS, Inc. Publishes Its Environmental, Social, and Governance 2022 Impact Report
Company Recognized on Forbes List of Best Employers for Diversity 2023. FORT MYERS, Fla., June 21, 2023 /PRNewswire/ -- Chico's FAS,...
June 16, 2023 08:00 PM
NRF Retail Law Summit
This free annual virtual Zoom event is a must-attend for retail in-house attorneys, risk and compliance officers, HR professionals and legal counsels and...
February 28, 2023 08:00 AM
Chico's FAS, Inc. Reports Fourth Quarter and Fiscal Year 2022 Results
We delivered strong store and digital sales growth, substantial gross margin expansion and solid expense leverage for the year, which produced outstanding...
September 17, 2021 07:00 AM
Chico's FAS, Inc. Appoints Patrick J. Guido as Chief Financial Officer
PRNewswire/ -- Chico's FAS, Inc. (NYSE: CHS) ("Chico's FAS" or the "Company") today announced that Patrick J. Guido has been appointed Chief...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
CFI CyberSecurity History Information
Official Website of Chico's FAS, Inc.
The official website of Chico's FAS, Inc. is https://www.chicos.com/store/category/new+arrivals/cat40036/.
Chico's FAS, Inc.’s AI-Generated Cybersecurity Score
According to Rankiteo, Chico's FAS, Inc.’s AI-generated cybersecurity score is 743, reflecting their Moderate security posture.
How many security badges does Chico's FAS, Inc.’ have ?
According to Rankiteo, Chico's FAS, Inc. currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Has Chico's FAS, Inc. been affected by any supply chain cyber incidents ?
According to Rankiteo, Chico's FAS, Inc. has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.
Does Chico's FAS, Inc. have SOC 2 Type 1 certification ?
According to Rankiteo, Chico's FAS, Inc. is not certified under SOC 2 Type 1.
Does Chico's FAS, Inc. have SOC 2 Type 2 certification ?
According to Rankiteo, Chico's FAS, Inc. does not hold a SOC 2 Type 2 certification.
Does Chico's FAS, Inc. comply with GDPR ?
According to Rankiteo, Chico's FAS, Inc. is not listed as GDPR compliant.
Does Chico's FAS, Inc. have PCI DSS certification ?
According to Rankiteo, Chico's FAS, Inc. does not currently maintain PCI DSS compliance.
Does Chico's FAS, Inc. comply with HIPAA ?
According to Rankiteo, Chico's FAS, Inc. is not compliant with HIPAA regulations.
Does Chico's FAS, Inc. have ISO 27001 certification ?
According to Rankiteo,Chico's FAS, Inc. is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Chico's FAS, Inc.
Chico's FAS, Inc. operates primarily in the Retail industry.
Number of Employees at Chico's FAS, Inc.
Chico's FAS, Inc. employs approximately 10,325 people worldwide.
Subsidiaries Owned by Chico's FAS, Inc.
Chico's FAS, Inc. presently has no subsidiaries across any sectors.
Chico's FAS, Inc.’s LinkedIn Followers
Chico's FAS, Inc.’s official LinkedIn profile has approximately 55,958 followers.
NAICS Classification of Chico's FAS, Inc.
Chico's FAS, Inc. is classified under the NAICS code 43, which corresponds to Retail Trade.
Chico's FAS, Inc.’s Presence on Crunchbase
No, Chico's FAS, Inc. does not have a profile on Crunchbase.
Chico's FAS, Inc.’s Presence on LinkedIn
Yes, Chico's FAS, Inc. maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/chico-s-fas-inc.
Cybersecurity Incidents Involving Chico's FAS, Inc.
As of January 24, 2026, Rankiteo reports that Chico's FAS, Inc. has experienced 1 cybersecurity incidents.
Number of Peer and Competitor Companies
Chico's FAS, Inc. has an estimated 15,596 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Chico's FAS, Inc. ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
Incident Details
Can you provide details on each incident ?
Title: Chico's FAS, Inc. Data Breach
Description: Chico's FAS, Inc. experienced a data breach involving customer payment card information captured by a third-party contractor during calls at their call center.
Date Detected: 2023-10-02
Date Publicly Disclosed: 2023-10-02
Type: Data Breach
Attack Vector: Third-party contractor
Threat Actor: Third-party contractor
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Third-party contractor.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach CHI231072725
Data Compromised: Customer payment card information
Payment Information Risk: True
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Customer payment card information.
Which entities were affected by each incident ?
Incident : Data Breach CHI231072725
Entity Name: Chico's FAS, Inc.
Entity Type: Retail
Industry: Fashion
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach CHI231072725
Type of Data Compromised: Customer payment card information
Sensitivity of Data: High
References
Where can I find more information about each incident ?
Incident : Data Breach CHI231072725
Source: Vermont Office of the Attorney General
Date Accessed: 2023-10-02
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Vermont Office of the Attorney GeneralDate Accessed: 2023-10-02.
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Data Breach CHI231072725
Entry Point: Third-party contractor
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident was an Third-party contractor.
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2023-10-02.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2023-10-02.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Customer payment card information and .
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach was Customer payment card information.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident is Vermont Office of the Attorney General.
Initial Access Broker
What was the most recent entry point used by an initial access broker ?
Most Recent Entry Point: The most recent entry point used by an initial access broker was an Third-party contractor.
.png)
Latest Global CVEs (Not Company-Specific)
Description
Typemill is a flat-file, Markdown-based CMS designed for informational documentation websites. A reflected Cross-Site Scripting (XSS) exists in the login error view template `login.twig` of versions 2.19.1 and below. The `username` value can be echoed back without proper contextual encoding when authentication fails. An attacker can execute script in the login page context. This issue has been fixed in version 2.19.2.
Risk Information
cvss3
Base: 5.4
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Description
A DOM-based Cross-Site Scripting (XSS) vulnerability exists in the DomainCheckerApp class within domain/script.js of Sourcecodester Domain Availability Checker v1.0. The vulnerability occurs because the application improperly handles user-supplied data in the createResultElement method by using the unsafe innerHTML property to render domain search results.
Description
A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Modern Image Gallery App v1.0 within the gallery/upload.php component. The application fails to properly validate uploaded file contents. Additionally, the application preserves the user-supplied file extension during the save process. This allows an unauthenticated attacker to upload arbitrary PHP code by spoofing the MIME type as an image, leading to full system compromise.
Description
A UNIX symbolic link following issue in the jailer component in Firecracker version v1.13.1 and earlier and 1.14.0 on Linux may allow a local host user with write access to the pre-created jailer directories to overwrite arbitrary host files via a symlink attack during the initialization copy at jailer startup, if the jailer is executed with root privileges. To mitigate this issue, users should upgrade to version v1.13.2 or 1.14.1 or above.
Risk Information
cvss3
Base: 6.0
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
cvss4
Base: 6.0
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description
An information disclosure vulnerability exists in the /srvs/membersrv/getCashiers endpoint of the Aptsys gemscms backend platform thru 2025-05-28. This unauthenticated endpoint returns a list of cashier accounts, including names, email addresses, usernames, and passwords hashed using MD5. As MD5 is a broken cryptographic function, the hashes can be easily reversed using public tools, exposing user credentials in plaintext. This allows remote attackers to perform unauthorized logins and potentially gain access to sensitive POS operations or backend functions.
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=chico-s-fas-inc' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
