Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
Crunchbase

Crunchbase Vendor Cyber Rating & Cyber Score

crunchbase.com

Crunchbase is a predictive solution that provides intelligence on private companies, powered by the unique combination of live private company data, AI, and market activity from over 80 million users. We predict private market movements that matter to help investors, dealmakers, and analysts make the right decisions.


Crunchbase A.I CyberSecurity Scoring

Crunchbase
Company Information
Website:https://www.crunchbase.com/
Employees number:251
Number of followers:157,511
NAICS:5112
Industry Type:Software Development
Homepage:crunchbase.com
Crunchbase Risk Score (AI oriented)
Between 0 and 549
logo
CrunchbaseSoftware Development
Updated:
04/04/2026
440/1000
Critical
C
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
Crunchbase Global Score (TPRM)
xxxx
logo
CrunchbaseSoftware Development
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

Crunchbase
CrunchbaseCritical
Current Score
440C (CRITICAL)
01000
4 incidents
-83.75 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
459Before Incident
JUNE 2026
454Before Incident
MAY 2026
449Before Incident
APRIL 2026
440Before Incident
MARCH 2026
435Before Incident
FEBRUARY 2026
429Before Incident
JANUARY 2026
490Before Incident
Breach
28 Jan 2026Crunchbase
CrunchBase, Panera Bread, Match Group and Bumble: Bumble, Match, Panera Bread and CrunchBase hit by cyberattacks, Bloomberg News reports

Cyberattacks Target Bumble, Match, Panera Bread, and CrunchBase

426After Incident
MEDIUM-64
MATBUMCRUPAN1770710058
Cyberattacks Target Bumble, Match, Panera Bread, and CrunchBase Several high-profile companies including dating platforms Bumble and Match, food chain Panera Bread, and corporate data provider CrunchBase were hit by cyberattacks, according to a Bloomberg News report on Wednesday. The incidents, confirmed by company spokespersons, varied in scope and impact. Bumble stated that the intruders did not access its member database, accounts, direct messages, or profiles. Similarly, Match Group, parent company of Tinder, reported that a limited amount of user data was affected, though login credentials, financial information, and private communications remained secure. CrunchBase disclosed that documents on its corporate network were compromised but contained the breach. Panera Bread confirmed an incident involving contact information and notified authorities. The attacks highlight ongoing cybersecurity risks across industries, with companies emphasizing containment efforts and minimal exposure of sensitive data. No further details on the attackers or their motives were provided.
INCIDENT DETAILS -
TYPE
data_breachcyberattack
IMPACT
Data Compromised: varied
DATA BREACH
user data (Match Group)contact information (Panera Bread)corporate documents (CrunchBase)Personally Identifiable Information: contact information (Panera Bread)
JANUARY 2026
581Before Incident
Breach
12 Jan 2026Crunchbase
Crunchbase: Crunchbase Confirms Data Breach After Hacking Claims

Crunchbase Data Breach by ShinyHunters

488After Incident
CRITICAL-93
CRU1769440011
Crunchbase Confirms Data Breach as ShinyHunters Leaks 2M Records Market intelligence firm Crunchbase has confirmed a data breach after the ShinyHunters cybercrime group published files allegedly stolen from its systems. The hackers claim to have exfiltrated over 2 million records, including personally identifiable information (PII), contracts, and corporate data, totaling 400 MB of compressed files posted online after Crunchbase refused to pay a ransom. In a statement to SecurityWeek, Crunchbase acknowledged the incident, confirming that a threat actor accessed certain documents from its corporate network. The company stated that no business operations were disrupted, the breach has been contained, and systems are now secure. Crunchbase has engaged cybersecurity experts and notified federal law enforcement while reviewing the leaked data to determine if legal notifications are required. Alon Gal, CTO of threat intelligence firm Hudson Rock, analyzed the leaked data and verified the presence of sensitive information. The breach follows a pattern of recent ShinyHunters attacks, with the group also claiming breaches at SoundCloud and Betterment. - SoundCloud confirmed a mid-December breach affecting 20% of its users, exposing email addresses and public profile data but not passwords or financial information. While the company is reviewing the leaked files, it has found no evidence supporting the hackers’ claims of additional sensitive data theft. However, the attackers have since harassed users, employees, and partners. - Betterment, a robo-advisor firm, disclosed a January 12 cybersecurity incident where threat actors gained access via social engineering and used it to send cryptocurrency scam messages to customers. Separately, Hudson Rock’s Gal reported that ShinyHunters claims responsibility for a recent Okta SSO vishing campaign, linking the group to attacks on Crunchbase, SoundCloud, and Betterment. Okta has issued warnings about custom phishing kits enabling advanced voice-based social engineering, though it has not confirmed a direct connection to ShinyHunters’ recent activities. The kits have been used against Google, Microsoft, Okta, and cryptocurrency services. The incidents highlight the group’s expanding targeting of high-profile companies, with ongoing investigations into the full scope of the breaches.
INCIDENT DETAILS -
TYPE
Data Breach
MOTIVATION
Financial gain, Data exfiltration
IMPACT
Data Compromised: Over 2 million records (PII, contracts, corporate data)Systems Affected: Corporate networkDowntime: None (no business operations disrupted)Operational Impact: Contained, systems securedLegal Liabilities: Under review for legal notificationsIdentity Theft Risk: High (PII exposed)
DATA BREACH
Personally identifiable information (PII)ContractsCorporate dataNumber Of Records Exposed: Over 2 millionSensitivity Of Data: HighData Exfiltration: Yes (400 MB of compressed files posted online)Personally Identifiable Information: Yes
JANUARY 2026
645Before Incident
Breach
09 Jan 2026Crunchbase
Betterment: Betterment Data Breach Exposes Customer Information In 2026

Betterment Data Breach Exposes Customer Information

581After Incident
CRITICAL-64
BET1768259382
Betterment Data Breach Exposes Customer Information in 2026 Social Engineering Attack On January 9, 2026, Betterment, a leading automated investment and personal finance platform, disclosed a cybersecurity incident in which hackers exploited third-party marketing and operational tools to access customer data. The attackers employed social engineering tactics deception and impersonation to infiltrate systems, bypassing Betterment’s core security infrastructure. The breach exposed personal information, including names, email and postal addresses, phone numbers, and dates of birth for an undisclosed number of customers. While Betterment confirmed that no account credentials or financial data were compromised, the attackers used the stolen information to send fraudulent cryptocurrency scam messages to some users, promising to triple their holdings in exchange for a $10,000 payment to a hacker-controlled wallet. Betterment detected the breach the same day, revoking unauthorized access and launching an investigation with an unnamed cybersecurity firm. The company stated that no customer accounts were accessed, and login credentials remained secure. However, the incident has raised concerns about the risks posed by third-party integrations in financial services, as the attack did not target Betterment’s internal systems directly but rather exploited vulnerabilities in external platforms. Betterment’s response has drawn criticism for its lack of transparency, including the use of a "noindex" tag on its security incident webpage, preventing search engines from indexing the details. As of January 12, 2026, the company had not disclosed the number of affected customers or further specifics about the attack. The ongoing investigation, along with regulatory scrutiny, may provide additional clarity in the coming weeks. Cybersecurity experts note that social engineering attacks on financial platforms are increasing, emphasizing the need for stronger oversight of third-party vendors and employee training. The breach underscores the broader challenge of securing interconnected digital ecosystems, where even robust internal defenses can be undermined by external vulnerabilities.
INCIDENT DETAILS -
TYPE
Data Breach
MOTIVATION
Financial gain (fraudulent crypto scam)
IMPACT
Data Compromised: Names, email and postal addresses, phone numbers, dates of birthSystems Affected: Third-party marketing and operations platformsOperational Impact: Unauthorized access revoked, ongoing investigationBrand Reputation Impact: Rattled nerves among investors and privacy advocatesIdentity Theft Risk: High (exposure of personal information)
DATA BREACH
Type Of Data Compromised: Personal InformationSensitivity Of Data: High (PII including names, addresses, phone numbers, dates of birth)Personally Identifiable Information: Names, email and postal addresses, phone numbers, dates of birth
DECEMBER 2025
757Before Incident
Breach
12 Dec 2025Crunchbase
SoundCloud confirms breach after member data stolen, VPN access disrupted

SoundCloud Security Breach and Data Theft

643After Incident
CRITICAL-114
SOU1765850792
SoundCloud Confirms Security Breach Impacting 28 Million Users SoundCloud has confirmed that recent outages and VPN connectivity issues were caused by a security breach in which threat actors stole a database containing user information. The incident, detected over the past four days, led to widespread reports of users encountering 403 "forbidden" errors when accessing the platform via VPN. In a statement to BleepingComputer, SoundCloud revealed that unauthorized activity was detected in an ancillary service dashboard, prompting the activation of its incident response procedures. While the company acknowledged that a threat actor accessed limited data, it clarified that no sensitive information—such as financial details or passwords—was compromised. The exposed data included only email addresses and publicly visible profile information. The breach is estimated to affect approximately 20% of SoundCloud’s user base, translating to roughly 28 million accounts based on publicly reported figures. The company stated that all unauthorized access has been blocked and that no ongoing risk to the platform exists. In response, SoundCloud has implemented additional security measures, including enhanced monitoring, improved threat detection, and a review of identity and access controls. However, a configuration change made during the response disrupted VPN access to the site, with no confirmed timeline for full restoration. Following the breach, SoundCloud also faced denial-of-service (DoS) attacks that temporarily disabled its web availability. While the company has not identified the threat actor, BleepingComputer sources indicate that the ShinyHunters extortion gang is likely responsible. The group, which also claimed responsibility for a recent PornHub data breach, is reportedly attempting to extort SoundCloud after allegedly stealing user data. Further updates are expected as the investigation continues.
INCIDENT DETAILS -
TYPE
Data Breach
MOTIVATION
Extortion
IMPACT
Data Compromised: Email addresses and public profile informationSystems Affected: Ancillary service dashboard, VPN connectivityDowntime: Temporary web availability disruption due to DDoS attacksOperational Impact: VPN access disruption, temporary platform unavailability
DATA BREACH
Type Of Data Compromised: Email addresses, public profile informationNumber Of Records Exposed: 28 millionSensitivity Of Data: Low (no financial or password data)Personally Identifiable Information: Email addresses
NOVEMBER 2025
757Before Incident
OCTOBER 2025
757Before Incident
SEPTEMBER 2025
757Before Incident
AUGUST 2025
757Before Incident

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for Crunchbase ?
?
What was Crunchbase's A.I Rankiteo Cyber Score in June 2026 ?
?
What was Crunchbase's A.I Rankiteo Cyber Score in May 2026 ?
?
What was Crunchbase's A.I Rankiteo Cyber Score in April 2026 ?
?
What was Crunchbase's A.I Rankiteo Cyber Score in March 2026 ?
?
What was Crunchbase's A.I Rankiteo Cyber Score in February 2026 ?
?
What was Crunchbase's A.I Rankiteo Cyber Score in January 2026 ?
?
What was Crunchbase's A.I Rankiteo Cyber Score in December 2025 ?
?
What was Crunchbase's A.I Rankiteo Cyber Score in November 2025 ?
?
What was Crunchbase's A.I Rankiteo Cyber Score in October 2025 ?
?
What was Crunchbase's A.I Rankiteo Cyber Score in September 2025 ?
?
What was Crunchbase's A.I Rankiteo Cyber Score in August 2025 ?
?
What is the average per-incident point impact on Crunchbase's A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with Crunchbase ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view Crunchbase's profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?