Company Details
diebold
19,828
311,817
5415
dieboldnixdorf.com
0
DIE_1559874
In-progress

Diebold Nixdorf Company CyberSecurity Posture
dieboldnixdorf.com
We automate, digitize and transform the way people bank and shop. We offer proven expertise and comprehensive portfolios in cutting-edge product technology, multi-vendor software and service excellence for financial and retail customers. Consumer behavior is changing rapidly; people are empowered and connected and expect unprecedented service and convenience. The world is “always on” – a digital era requiring us to orchestrate touchpoints in ways that meet and exceed the 24/7 automation needs of the banking and retail worlds. Diebold Nixdorf employs approximately 21,000 employees in more than 130 countries worldwide. We are publicly traded on the New York Stock Exchange under the symbol “DBD.” Specialties: financial and retail self-service solutions, services, security solutions, software, cash management, branch and store transformation
Between 700 and 749

Diebold Nixdorf Global Score (TPRM)

Description: In a letter to customers, Diebold Nixdorf admitted a cyber attack on a service provider that provided optimization data for cash distribution to the ATMs. It is uncertain who was responsible for the attack on servers and other components at the data center utilized by the service provider Planfocus. Aside from not being impacted, neither customer data nor statistics data have been lost as of this writing, as far as is known. A service provider's data center, which houses the CCO systems, was the target of the attack. Only the attack, not the cash supply itself, could have put the optimization in jeopardy.


No incidents recorded for Diebold Nixdorf in 2025.
Diebold Nixdorf cyber incidents detection timeline including parent company and subsidiaries




Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
The official website of Diebold Nixdorf is http://DieboldNixdorf.com.
According to Rankiteo, Diebold Nixdorf’s AI-generated cybersecurity score is 728, reflecting their Moderate security posture.
According to Rankiteo, Diebold Nixdorf currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
According to Rankiteo, Diebold Nixdorf is not certified under SOC 2 Type 1.
According to Rankiteo, Diebold Nixdorf does not hold a SOC 2 Type 2 certification.
According to Rankiteo, Diebold Nixdorf is not listed as GDPR compliant.
According to Rankiteo, Diebold Nixdorf does not currently maintain PCI DSS compliance.
According to Rankiteo, Diebold Nixdorf is not compliant with HIPAA regulations.
According to Rankiteo, Diebold Nixdorf is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Diebold Nixdorf operates primarily in the IT Services and IT Consulting industry.
Diebold Nixdorf employs approximately 19,828 people worldwide.
Diebold Nixdorf presently has no subsidiaries across any sectors.
Diebold Nixdorf’s official LinkedIn profile has approximately 311,817 followers.
Diebold Nixdorf is classified under the NAICS code 5415, which corresponds to Computer Systems Design and Related Services.
Yes, Diebold Nixdorf has an official profile on Crunchbase, which can be accessed here: https://www.crunchbase.com/organization/diebold-nixdorf.
Yes, Diebold Nixdorf maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/diebold.
As of November 27, 2025, Rankiteo reports that Diebold Nixdorf has experienced 3 cybersecurity incidents.
Diebold Nixdorf has an estimated 36,299 peer or competitor companies worldwide.
Incident Types: The types of cybersecurity incidents that have occurred include Vulnerability, Cyber Attack and Ransomware.
Detection and Response: The company detects and responds to cybersecurity incidents through a communication strategy with a letter to customers, and remediation measures with patches applied.
Title: Diebold Nixdorf Ransomware Attack
Description: Diebold Nixdorf, a major provider of automatic teller machines (ATMs) and payment technology to banks and retailers, suffered a ransomware attack that disrupted some operations. ATMs or customer networks remained unaffected but the intrusion affected its corporate network. The investigation determined that the intruders installed the ProLock ransomware.
Type: Ransomware
Title: Cyber Attack on Diebold Nixdorf's Service Provider
Description: Diebold Nixdorf admitted a cyber attack on a service provider in a letter to customers, which provided optimization data for cash distribution to ATMs. The attack targeted a service provider's data center, which houses the CCO systems. The attack did not compromise customer data or statistics data.
Type: Cyber Attack
Title: Vulnerabilities in Diebold Nixdorf ATM Security Suite
Description: Independent researcher Matt Burch disclosed vulnerabilities in Diebold Nixdorf's ATM security solution, Vynamic Security Suite (VSS), during the Defcon security conference. The findings showed potential for attackers to circumvent hard drive encryption and gain full control over the machines if the patches are not applied, posing significant risks of financial data breach and unauthorized cash withdrawals. The unencrypted Linux partition used in the dual-boot configuration of the ATMs exacerbated the issue, allowing the exploitation path. Although Diebold has patched the issues, Burch suggested that patches might not be consistently deployed across all ATMs.
Type: Vulnerability Exploitation
Attack Vector: Hard Drive Encryption Bypass
Vulnerability Exploited: Unencrypted Linux Partition in Dual-Boot Configuration
Motivation: Financial Data Breach, Unauthorized Cash Withdrawals
Common Attack Types: The most common type of attack the company has faced is Cyber Attack.

Systems Affected: Corporate network
Operational Impact: Disruption of some operations

Systems Affected: CCO systems

Data Compromised: Financial Data
Systems Affected: ATMs
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Financial Data.

Entity Name: Diebold Nixdorf
Entity Type: Company
Industry: Financial Technology

Entity Name: Diebold Nixdorf
Entity Type: Company
Industry: Financial Services

Entity Name: Planfocus
Entity Type: Service Provider
Industry: Technology

Entity Name: Diebold Nixdorf
Entity Type: Company
Industry: Financial Services

Communication Strategy: Letter to customers

Remediation Measures: Patches Applied

Type of Data Compromised: Financial Data
Data Encryption: Hard Drive Encryption
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Patches Applied.

Ransomware Strain: ProLock

Source: Diebold Nixdorf

Source: Defcon Security Conference
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at the sources Diebold Nixdorf and Defcon Security Conference.
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Letter To Customers.

Root Causes: Unencrypted Linux Partition in Dual-Boot Configuration
Corrective Actions: Patches Applied
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Patches Applied.
Most Significant Data Compromised: The most significant data compromised in an incident was Financial Data.
Most Significant System Affected: The most significant system affected in an incident was Corporate network and CCO systems.
Most Sensitive Data Compromised: The most sensitive data compromised in a breach was Financial Data.
Most Recent Source: The most recent sources of information about an incident are Diebold Nixdorf and Defcon Security Conference.
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is an XSRF token leakage via protocol-relative URLs in Angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with a protocol-relative prefix (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.
