FEMSA
Company Details
Linkedin ID:
femsa
Website:
Employees number:
11,953
Number of followers:
1,679,763
NAICS:
30
Industry Type:
Homepage:
femsa.com
IP Addresses:
0
Company ID:
FEM_1107387
Scan Status:
In-progress
FEMSA Company CyberSecurity Posture
femsa.com
FEMSA is a company that creates economic and social value through companies and institutions and strives to be the best employer and neighbor to the communities in which it operates. It participates in the retail industry through a Proximity Division operating OXXO, a small-format store chain, OXXO Gas, a chain of retail service stations, and Valora, an operator of convenience and foodvenience formats present in 5 countries in Europe. In the retail industry it also participates though a Health Division, which includes drugstores and related activities and Digital@FEMSA, which includes Spin by OXXO and OXXO Premia, among other loyalty and digital financial services initiatives. In the beverage industry, it participates through Coca-Cola FEMSA, the largest franchise bottler of Coca-Cola products in the world by volume. FEMSA also participates in the logistics and distribution industry through its Strategic Business Unit, which additionally provides point-of-sale refrigeration and plastic solutions to its business units and third-party clients. Across its business units, FEMSA has more than 350,000 employees in 18 countries. FEMSA is a member of the Dow Jones Sustainability MILA Pacific Alliance, the FTSE4Good Emerging Index and the Mexican Stock Exchange Sustainability Index: S&P/BMV Total México ESG, among other indexes that evaluate its sustainability performance.
FEMSA A.I CyberSecurity Scoring
FEMSA Risk Score (AI oriented)Between 800 and 849
FEMSA
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
FEMSA Global Score (TPRM)XXXX
FEMSA
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
FEMSA Company CyberSecurity News & History
Past Incidents
0
Attack Types
0
No data available
FEMSA Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for FEMSA
Incidents vs Manufacturing Industry Average (This Year)
No incidents recorded for FEMSA in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for FEMSA in 2025.
Incident Types FEMSA vs Manufacturing Industry Avg (This Year)
No incidents recorded for FEMSA in 2025.
Incident History — FEMSA (X = Date, Y = Severity)
FEMSA cyber incidents detection timeline including parent company and subsidiaries
FEMSA Company Subsidiaries
FEMSA is a company that creates economic and social value through companies and institutions and strives to be the best employer and neighbor to the communities in which it operates. It participates in the retail industry through a Proximity Division operating OXXO, a small-format store chain, OXXO Gas, a chain of retail service stations, and Valora, an operator of convenience and foodvenience formats present in 5 countries in Europe. In the retail industry it also participates though a Health Division, which includes drugstores and related activities and Digital@FEMSA, which includes Spin by OXXO and OXXO Premia, among other loyalty and digital financial services initiatives. In the beverage industry, it participates through Coca-Cola FEMSA, the largest franchise bottler of Coca-Cola products in the world by volume. FEMSA also participates in the logistics and distribution industry through its Strategic Business Unit, which additionally provides point-of-sale refrigeration and plastic solutions to its business units and third-party clients. Across its business units, FEMSA has more than 350,000 employees in 18 countries. FEMSA is a member of the Dow Jones Sustainability MILA Pacific Alliance, the FTSE4Good Emerging Index and the Mexican Stock Exchange Sustainability Index: S&P/BMV Total México ESG, among other indexes that evaluate its sustainability performance.
Loading...
FEMSA Similar Companies
AB InBev
As a company, we dream big to create a future with more cheers. We are always looking to serve up new ways to meet life’s moments, move our industry forward and make a meaningful impact in the world. We are committed to building great brands that stand the test of time and to brewing the best beers
Prysmian is a global cabling solutions provider leading the energy transition and digital transformation. By leveraging its wide geographical footprint and extensive product range, its track record of technological leadership and innovation, and a strong customer base, the company is well-placed to
A. O. Smith Corporation
Celebrating its 150th year of business, A. O. Smith is a leading global water technology and manufacturing company that proudly employs more than 12,000 people who together provide water heating and water treatment solutions. The company is headquartered in Milwaukee, Wisconsin, with operations in
Dräger
Dräger is an international leader in the fields of medical and safety technology. The family-owned company was founded in Lübeck, Germany, in 1889. The company’s long-term success is based on the four key strengths of its value-driven culture: customer intimacy, professional employees, continuous in
LISI GROUP
LISI is a global industrial group specializing in the manufacture of assembly solutions and high value-added components for the aerospace, automotive and medical sectors. A partner to the world's leading players and driven by its long-term family values, LISI innovates and invests in the research an
Cadbury Adams
Cadbury Adams USA has it all wrapped up -- in thin little rectangles wrapped in foil. The US division of British candy giant Cadbury makes candy, chewing gum, and mints. Its brands include Bubblicious, Certs, Chiclets, Dentyne, HALLS, Sour Patch, Swedish Fish, and Trident. The company also makes ret
the LEGO Group
We are the LEGO Group, the company behind the world’s most loved LEGO® bricks. Our brand name derived from the two Danish words Leg Godt, which mean “Play Well”. We’ve been sparking imaginations and inspiring the builders of tomorrow since 1932. This is our mission and what motivates our colleague
Steel Authority of India Limited (SAIL) traces its origin to the formative years of an emerging nation - India. After independence, the steel sector was to propel the economic growth and rapid industrialization of the country, and since 1973, SAIL steel has played a pivotal role in transforming the
A journey that began 75 years ago in a corner of India and has since traversed the world over. Uniting people from across countries, cultures, and customs over the years with a multitude of different dreams, there's power in an idea. An idea that gave rise to brands that stood the test of time, with
.png)
FEMSA CyberSecurity News
September 08, 2025 07:00 AM
ANDICOM 2025 Draws 6,000 Attendees to Cartagena for Latin American Business and Technology Conference
ANDICOM 2025, the Andes region's largest and most important enterprise technology conference, took place last week in Cartagena,...
January 15, 2024 08:00 AM
Spot Technologies, now with $2M, will see AI security tech go into Mexico Walmarts
Spot's flagship product, VisionX, taps into deep learning and computer vision technologies to analyze consumer and theft behaviors.
September 11, 2023 07:00 AM
Hackers Claim Coca-Cola Bottler Paid $1.5 Million to Keep Lid on ‘Certain’ Files Stolen in Ransomware Attack
Coca-Cola FEMSA, the world's largest franchise Coca-Cola bottler, allegedly suffered a cyberattack, prompting management to pay the hackers...
June 02, 2022 07:00 AM
Human Behavior: An Overlooked Aspect of Cybersecurity
To strengthen cybersecurity, industry leaders must secure the weakest link in the chain: users.
December 06, 2021 08:00 AM
Tec de Monterrey inaugurates Cybersecurity Hub facilities
It is part of the School of Engineering and Sciences, it is located on 278 square meters and has ultimate equipment.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
FEMSA CyberSecurity History Information
Official Website of FEMSA
The official website of FEMSA is http://www.femsa.com.
FEMSA’s AI-Generated Cybersecurity Score
According to Rankiteo, FEMSA’s AI-generated cybersecurity score is 812, reflecting their Good security posture.
How many security badges does FEMSA’ have ?
According to Rankiteo, FEMSA currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does FEMSA have SOC 2 Type 1 certification ?
According to Rankiteo, FEMSA is not certified under SOC 2 Type 1.
Does FEMSA have SOC 2 Type 2 certification ?
According to Rankiteo, FEMSA does not hold a SOC 2 Type 2 certification.
Does FEMSA comply with GDPR ?
According to Rankiteo, FEMSA is not listed as GDPR compliant.
Does FEMSA have PCI DSS certification ?
According to Rankiteo, FEMSA does not currently maintain PCI DSS compliance.
Does FEMSA comply with HIPAA ?
According to Rankiteo, FEMSA is not compliant with HIPAA regulations.
Does FEMSA have ISO 27001 certification ?
According to Rankiteo,FEMSA is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of FEMSA
FEMSA operates primarily in the Manufacturing industry.
Number of Employees at FEMSA
FEMSA employs approximately 11,953 people worldwide.
Subsidiaries Owned by FEMSA
FEMSA presently has no subsidiaries across any sectors.
FEMSA’s LinkedIn Followers
FEMSA’s official LinkedIn profile has approximately 1,679,763 followers.
NAICS Classification of FEMSA
FEMSA is classified under the NAICS code 30, which corresponds to Manufacturing.
FEMSA’s Presence on Crunchbase
No, FEMSA does not have a profile on Crunchbase.
FEMSA’s Presence on LinkedIn
Yes, FEMSA maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/femsa.
Cybersecurity Incidents Involving FEMSA
As of November 27, 2025, Rankiteo reports that FEMSA has not experienced any cybersecurity incidents.
Number of Peer and Competitor Companies
FEMSA has an estimated 7,601 peer or competitor companies worldwide.
FEMSA CyberSecurity History Information
How many cyber incidents has FEMSA faced ?
Total Incidents: According to Rankiteo, FEMSA has faced 0 incidents in the past.
What types of cybersecurity incidents have occurred at FEMSA ?
Incident Types: The types of cybersecurity incidents that have occurred include .
Incident Details
What are the most common types of attacks the company has faced ?
Additional Questions
.png)
Latest Global CVEs (Not Company-Specific)
Description
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.
Risk Information
cvss4
Base: 7.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
- https://github.com/angular/angular/commit/0276479e7d0e280e0f8d26fa567d3b7aa97a516f
- https://github.com/angular/angular/commit/05fe6686a97fa0bcd3cf157805b3612033f975bc
- https://github.com/angular/angular/commit/3240d856d942727372a705252f7c8c115394a41e
- https://github.com/angular/angular/releases/tag/19.2.16
- https://github.com/angular/angular/releases/tag/20.3.14
- https://github.com/angular/angular/releases/tag/21.0.1
- https://github.com/angular/angular/security/advisories/GHSA-58c5-g7wp-6w37
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 6.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=femsa' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
