Figshare
Company Details
Linkedin ID:
figshare
Website:
Employees number:
17
Number of followers:
2,676
NAICS:
511
Industry Type:
Homepage:
figshare.com
IP Addresses:
0
Company ID:
FIG_2436458
Scan Status:
In-progress
Figshare Company CyberSecurity Posture
figshare.com
"Get credit for all of your research." Scientific publishing as it stands is an inefficient way to do science on a global scale. A lot of time and money is being wasted by groups around the world duplicating research that has already been carried out. FigShare allows you to share all of your data, negative results and unpublished figures. In doing this, other researchers will not duplicate the work, but instead may publish with your previously wasted figures, or offer collaboration opportunities and feedback on preprint figures.
Figshare A.I CyberSecurity Scoring
Figshare Risk Score (AI oriented)Between 750 and 799
Figshare
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
Figshare Global Score (TPRM)XXXX
Figshare
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
Figshare Company CyberSecurity News & History
Past Incidents
4
Attack Types
3
Holtzbrinck Publishing Group
Cyber Attack
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: A hacking attack has been launched against an IT service provider for Holtzbrinck book publishers. It was already widely known about the hacker attack. All external connections were severed as a safety measure. All systems have been reviewed, and there is no evidence of data leakage—not even from clients or business partners. The publishing company acknowledged that there can occasionally be delivery difficulties and delays for clients as a result of this occurrence.
Macmillan
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Macmillan suffered a data breach after an unauthorized party was able to bypass its data security system and gain access to sensitive consumer information on the company’s computer system. The breach compromised the consumer names, addresses, Social Security numbers, driver’s license numbers and financial account information of about 1,193 victims. Macmillan took all affected servers offline and began investigating the incident and sent out data breach letters to all affected parties.
Macmillan
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: The Vermont Office of the Attorney General reported a data breach involving Macmillan on December 1, 2022. The breach occurred between June 16, 2022, and June 25, 2022, affecting an unspecified number of individuals and potentially compromising personal information including names. Macmillan has offered twenty-four months of complimentary credit monitoring services through Experian as a response.
Macmillan
Ransomware
Rankiteo Explanation
Attack threatening the organization's existence
Description: Publishing giant Macmillan fell victim to a ransomware attack which forced it to shut down its network and offices while recovering from a security incident. The attack involved the encryption of certain files on our network after which agents and clients that they have lost access to their systems, emails, and files. The company shut down all of its IT systems to prevent the spread of the attack and investigated the incident and restored the systems.
Figshare Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for Figshare
Incidents vs Book and Periodical Publishing Industry Average (This Year)
No incidents recorded for Figshare in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Figshare in 2025.
Incident Types Figshare vs Book and Periodical Publishing Industry Avg (This Year)
No incidents recorded for Figshare in 2025.
Incident History — Figshare (X = Date, Y = Severity)
Figshare cyber incidents detection timeline including parent company and subsidiaries
Figshare Company Subsidiaries
"Get credit for all of your research." Scientific publishing as it stands is an inefficient way to do science on a global scale. A lot of time and money is being wasted by groups around the world duplicating research that has already been carried out. FigShare allows you to share all of your data, negative results and unpublished figures. In doing this, other researchers will not duplicate the work, but instead may publish with your previously wasted figures, or offer collaboration opportunities and feedback on preprint figures.
Loading...
Figshare Similar Companies
Fujitsu Portugal
A Fujitsu é a companhia líder japonesa de tecnologias de informação e comunicação (TIC) disponibilizando um leque completo de produtos tecnológicos, soluções e serviços. Cerca de 132.000 colaboradores da Fujitsu prestam suporte a clientes em mais de 100 países. Utilizamos a nossa experiência e o pod
VINCI Energies
In a world undergoing constant change, VINCI Energies contributes to the environmental transition by helping bring about major trends in the digital landscape and energy sector. VINCI Energies’ teams roll out technologies and integrate customised multi-technical solutions, from design to implement
AKKA is a European leader in engineering consulting and R&D services. Our comprehensive portfolio of digital solutions combined with our expertise in engineering, uniquely positions us to support our clients by leveraging the power of connected data to accelerate innovation and drive the future of s
Thoughtworks is a pioneering global technology consultancy, leading the charge in custom software development and technology innovation. We empower ambitious businesses to thrive in a constantly evolving world. We integrate the best of strategy, design, and software engineering to provide our client
SONDA
We are at the forefront of digital transformation in the Americas, positively impacting the lives of over 500 million people. As a key player in emerging industries, we drive innovation and change through ambitious modernization projects and cutting-edge solutions. By understanding the region's chal
Exela is a business process automation (BPA) leader, leveraging a global footprint and proprietary technology to provide digital transformation solutions enhancing quality, productivity, and end-user experience. With decades of expertise operating mission-critical processes, Exela serves a growing
.png)
Figshare CyberSecurity News
November 12, 2024 08:00 AM
New report: Cyberthreats are growing – so are patents for technology to combat them
In its latest Technology Spotlight, IFI CLAIMS Patent Services has analyzed the top companies and their inventions to help safeguard...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
Figshare CyberSecurity History Information
Official Website of Figshare
The official website of Figshare is http://figshare.com.
Figshare’s AI-Generated Cybersecurity Score
According to Rankiteo, Figshare’s AI-generated cybersecurity score is 750, reflecting their Fair security posture.
How many security badges does Figshare’ have ?
According to Rankiteo, Figshare currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Figshare have SOC 2 Type 1 certification ?
According to Rankiteo, Figshare is not certified under SOC 2 Type 1.
Does Figshare have SOC 2 Type 2 certification ?
According to Rankiteo, Figshare does not hold a SOC 2 Type 2 certification.
Does Figshare comply with GDPR ?
According to Rankiteo, Figshare is not listed as GDPR compliant.
Does Figshare have PCI DSS certification ?
According to Rankiteo, Figshare does not currently maintain PCI DSS compliance.
Does Figshare comply with HIPAA ?
According to Rankiteo, Figshare is not compliant with HIPAA regulations.
Does Figshare have ISO 27001 certification ?
According to Rankiteo,Figshare is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Figshare
Figshare operates primarily in the Book and Periodical Publishing industry.
Number of Employees at Figshare
Figshare employs approximately 17 people worldwide.
Subsidiaries Owned by Figshare
Figshare presently has no subsidiaries across any sectors.
Figshare’s LinkedIn Followers
Figshare’s official LinkedIn profile has approximately 2,676 followers.
NAICS Classification of Figshare
Figshare is classified under the NAICS code 511, which corresponds to Publishing Industries (except Internet).
Figshare’s Presence on Crunchbase
Yes, Figshare has an official profile on Crunchbase, which can be accessed here: https://www.crunchbase.com/organization/figshare.
Figshare’s Presence on LinkedIn
Yes, Figshare maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/figshare.
Cybersecurity Incidents Involving Figshare
As of November 28, 2025, Rankiteo reports that Figshare has experienced 4 cybersecurity incidents.
Number of Peer and Competitor Companies
Figshare has an estimated 4,881 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Figshare ?
Incident Types: The types of cybersecurity incidents that have occurred include Ransomware, Cyber Attack and Breach.
How does Figshare detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an containment measures with shut down all it systems, and remediation measures with investigated the incident, remediation measures with restored the systems, and containment measures with took all affected servers offline, and communication strategy with sent out data breach letters to all affected parties, and containment measures with severed all external connections, and communication strategy with acknowledged delivery difficulties and delays, and third party assistance with experian, and remediation measures with complimentary credit monitoring services..
Incident Details
Can you provide details on each incident ?
Title: Macmillan Ransomware Attack
Description: Publishing giant Macmillan fell victim to a ransomware attack which forced it to shut down its network and offices while recovering from a security incident. The attack involved the encryption of certain files on our network after which agents and clients that they have lost access to their systems, emails, and files. The company shut down all of its IT systems to prevent the spread of the attack and investigated the incident and restored the systems.
Type: Ransomware
Attack Vector: Encryption of files
Title: Macmillan Data Breach
Description: Macmillan suffered a data breach after an unauthorized party was able to bypass its data security system and gain access to sensitive consumer information on the company’s computer system.
Type: Data Breach
Attack Vector: Unauthorized access to data security system
Threat Actor: Unauthorized party
Title: Hacking Attack on IT Service Provider for Holtzbrinck Book Publishers
Description: A hacking attack has been launched against an IT service provider for Holtzbrinck book publishers. All external connections were severed as a safety measure. All systems have been reviewed, and there is no evidence of data leakage—not even from clients or business partners. The publishing company acknowledged that there can occasionally be delivery difficulties and delays for clients as a result of this occurrence.
Type: Hacking Attack
Title: Macmillan Data Breach
Description: The Vermont Office of the Attorney General reported a data breach involving Macmillan on December 1, 2022. The breach occurred between June 16, 2022, and June 25, 2022, affecting an unspecified number of individuals and potentially compromising personal information including names. Macmillan has offered twenty-four months of complimentary credit monitoring services through Experian as a response.
Date Detected: 2022-12-01
Date Publicly Disclosed: 2022-12-01
Type: Data Breach
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
Impact of the Incidents
What was the impact of each incident ?
Incident : Ransomware MAC1626722
Systems Affected: IT systemsemailsfiles
Incident : Data Breach MAC224781222
Data Compromised: Consumer names, Addresses, Social security numbers, Driver’s license numbers, Financial account information
Incident : Hacking Attack HOL3610723
Downtime: ['Delivery difficulties and delays for clients']
Operational Impact: Delivery difficulties and delays for clients
Incident : Data Breach MAC943072525
Data Compromised: Names
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Consumer Names, Addresses, Social Security Numbers, Driver’S License Numbers, Financial Account Information, , Personal Information and .
Which entities were affected by each incident ?
Incident : Ransomware MAC1626722
Entity Name: Macmillan
Entity Type: Publishing Company
Industry: Publishing
Customers Affected: agents, clients
Incident : Data Breach MAC224781222
Entity Name: Macmillan
Entity Type: Company
Industry: Publishing
Customers Affected: 1193
Incident : Hacking Attack HOL3610723
Entity Name: Holtzbrinck book publishers
Entity Type: Publishing Company
Industry: Publishing
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Ransomware MAC1626722
Containment Measures: Shut down all IT systems
Remediation Measures: Investigated the incidentRestored the systems
Incident : Data Breach MAC224781222
Containment Measures: Took all affected servers offline
Communication Strategy: Sent out data breach letters to all affected parties
Incident : Hacking Attack HOL3610723
Containment Measures: Severed all external connections
Communication Strategy: Acknowledged delivery difficulties and delays
Incident : Data Breach MAC943072525
Third Party Assistance: Experian.
Remediation Measures: Complimentary credit monitoring services
How does the company involve third-party assistance in incident response ?
Third-Party Assistance: The company involves third-party assistance in incident response through Experian, .
Data Breach Information
What type of data was compromised in each breach ?
Incident : Ransomware MAC1626722
Data Encryption: Certain files on the network
Incident : Data Breach MAC224781222
Type of Data Compromised: Consumer names, Addresses, Social security numbers, Driver’s license numbers, Financial account information
Number of Records Exposed: 1193
Sensitivity of Data: High
Incident : Data Breach MAC943072525
Type of Data Compromised: Personal information
Personally Identifiable Information: names
What measures does the company take to prevent data exfiltration ?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Investigated the incident, Restored the systems, , Complimentary credit monitoring services, .
How does the company handle incidents involving personally identifiable information (PII) ?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by shut down all it systems, , took all affected servers offline, , severed all external connections and .
Ransomware Information
Was ransomware involved in any of the incidents ?
Incident : Ransomware MAC1626722
Data Encryption: Certain files on the network
References
Where can I find more information about each incident ?
Incident : Data Breach MAC943072525
Source: Vermont Office of the Attorney General
Date Accessed: 2022-12-01
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Vermont Office of the Attorney GeneralDate Accessed: 2022-12-01.
Investigation Status
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Sent Out Data Breach Letters To All Affected Parties and Acknowledged Delivery Difficulties And Delays.
Post-Incident Analysis
What is the company's process for conducting post-incident analysis ?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Experian, .
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident was an Unauthorized party.
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2022-12-01.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2022-12-01.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Consumer names, Addresses, Social Security numbers, Driver’s license numbers, Financial account information, , names and .
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident was IT systemsemailsfiles.
Response to the Incidents
What third-party assistance was involved in the most recent incident ?
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was experian, .
What containment measures were taken in the most recent incident ?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were Shut down all IT systems, Took all affected servers offline and Severed all external connections.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were names, Addresses, Financial account information, Driver’s license numbers, Consumer names and Social Security numbers.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 122.0.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident is Vermont Office of the Attorney General.
.png)
Latest Global CVEs (Not Company-Specific)
Description
ThingsBoard in versions prior to v4.2.1 allows an authenticated user to upload malicious SVG images via the "Image Gallery", leading to a Stored Cross-Site Scripting (XSS) vulnerability. The exploit can be triggered when any user accesses the public API endpoint of the malicious SVG images, or if the malicious images are embedded in an `iframe` element, during a widget creation, deployed to any page of the platform (e.g., dashboards), and accessed during normal operations. The vulnerability resides in the `ImageController`, which fails to restrict the execution of JavaScript code when an image is loaded by the user's browser. This vulnerability can lead to the execution of malicious code in the context of other users' sessions, potentially compromising their accounts and allowing unauthorized actions.
Risk Information
cvss4
Base: 6.2
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to to verify that the token used during the code exchange originates from the same authentication flow, which allows an authenticated user to perform account takeover via a specially crafted email address used when switching authentication methods and sending a request to the /users/login/sso/code-exchange endpoint. The vulnerability requires ExperimentalEnableAuthenticationTransfer to be enabled (default: enabled) and RequireEmailVerification to be disabled (default: disabled).
Risk Information
cvss3
Base: 9.9
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
References
Description
Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to sanitize team email addresses to be visible only to Team Admins, which allows any authenticated user to view team email addresses via the GET /api/v4/channels/{channel_id}/common_teams endpoint
Risk Information
cvss3
Base: 4.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
References
Description
Exposure of email service credentials to users without administrative rights in Devolutions Server.This issue affects Devolutions Server: before 2025.2.21, before 2025.3.9.
Description
Exposure of credentials in unintended requests in Devolutions Server.This issue affects Server: through 2025.2.20, through 2025.3.8.
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=figshare' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
