Frasers Group
Company Details
Linkedin ID:
frasers-group
Website:
Employees number:
14,684
Number of followers:
115,985
NAICS:
43
Industry Type:
Homepage:
frasers.group
IP Addresses:
0
Company ID:
FRA_3168768
Scan Status:
In-progress
Frasers Group Company CyberSecurity Posture
frasers.group
Frasers Group started as a small store in Maidenhead in 1982 and from there, grew to become a global powerhouse. We are now a collection of the world’s most iconic brands including Sports Direct, Flannels, GAME, Jack Wills, Sofa.com, Evans Cycles, USC, and Everlast. We believe the higher the risk, the greater the reward. We’ve never been afraid to strive forward and change the way the industry operates, diversifying our portfolio and elevating stores. We’re pushing the boundaries of traditional retail environments; future-proofing our business and improving product access to create a shopping environment that will be fit for purpose for many more years to come. We’re not sitting back – there’s no room for hesitation.
Frasers Group A.I CyberSecurity Scoring
Frasers Group Risk Score (AI oriented)Between 750 and 799
Frasers Group
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
Frasers Group Global Score (TPRM)XXXX
Frasers Group
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
Frasers Group Company CyberSecurity News & History
Past Incidents
1
Attack Types
1
Sports Direct
Breach
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: The Register has verified that Sports Direct, the biggest sports retail company in the UK, was compromised in the previous year, but the company has yet to notify its employees about the incident. A hacker gained access to the company's internal systems and stole the personal data of its employees, including names, phone numbers, and email and postal addresses. The unpatched version of the DNN platform, which Sports Direct uses to host the staff site, was vulnerable to known vulnerabilities that the attackers took advantage of. As per El Reg, Sports Direct has not yet notified the employees about the data breach. Following its discovery of the hack, the company notified the Information Commissioner's Office of the issue.
Frasers Group Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for Frasers Group
Incidents vs Retail Industry Average (This Year)
No incidents recorded for Frasers Group in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Frasers Group in 2025.
Incident Types Frasers Group vs Retail Industry Avg (This Year)
No incidents recorded for Frasers Group in 2025.
Incident History — Frasers Group (X = Date, Y = Severity)
Frasers Group cyber incidents detection timeline including parent company and subsidiaries
Frasers Group Company Subsidiaries
Frasers Group started as a small store in Maidenhead in 1982 and from there, grew to become a global powerhouse. We are now a collection of the world’s most iconic brands including Sports Direct, Flannels, GAME, Jack Wills, Sofa.com, Evans Cycles, USC, and Everlast. We believe the higher the risk, the greater the reward. We’ve never been afraid to strive forward and change the way the industry operates, diversifying our portfolio and elevating stores. We’re pushing the boundaries of traditional retail environments; future-proofing our business and improving product access to create a shopping environment that will be fit for purpose for many more years to come. We’re not sitting back – there’s no room for hesitation.
Loading...
Frasers Group Similar Companies
Jean Coutu
Fondé en 1969, le réseau Jean Coutu figure parmi les noms les plus réputés dans l’industrie canadienne de la vente au détail en pharmacie et compte un réseau de plus de 420 établissements franchisés au Québec, au Nouveau-Brunswick et en Ontario sous les bannières PJC Jean Coutu, PJC Santé et PJC San
Ross Stores, Inc.
For the last 40+ years, Ross Stores, Inc. has grown from a six-store chain into an $21.1 billion, Fortune 500 Company. We operate our off-price businesses in a way that keeps costs low so we can pass the savings to our customers. We continue to open new stores and our sales growth has outpaced tradi
Reliance Retail
Reliance Retail is the retail initiative of RIL and an epicentre of our consumer-facing businesses. It has been ranked as the fastest-growing retailer in the world. It is ranked 53rd in the list of Top Global Retailers and is the only Indian Retailer to feature in the Top 100. It is the largest & th
Intermarché
Reconnue pour son combat contre la vie chère, Intermarché s'appuie sur un réseau de 2 328 points de vente en Europe (France, Belgique, Pologne, Portugal). Spécialiste des produits frais, l’enseigne propose différents formats de points de vente pour répondre aux attentes de ses clients : - Interma
Dillard's Inc.
Dillard's, Inc. ranks among the nation's largest fashion apparel and home furnishings retailers with annual revenues exceeding $6.1 billion. The Company focuses on delivering maximum fashion and value to its shoppers by offering compelling apparel and home selections complemented by exceptional cust
Jewel-Osco
Proudly serving our customers in the Chicagoland area since 1899, Jewel-Osco provides friendly service, quality products and great value. Jewel-Osco operates 188 stores throughout the Chicagoland area, Indiana and Iowa, which is part of a 2,200+ store operation that employs approximately 290,000 peo
Auchan Retail
To create new-generation retailing that improves people’s lives, Auchan Retail places customers at the centre of its actions and reaffirms the retailer’s role: that of a multi-format, “phygital” activist for good, healthy, local produce that constantly reinvents itself to deliver a new customer expe
Boots UK
Boots is the UK’s leading health and beauty retailer with over 52,000 team members and around 1,800 stores,* ranging from local community pharmacies to large destination health and beauty stores. We serve our customers and patients’ wellbeing for life as the leading provider of healthcare on the hi
Sodimac
#SomosUnEquipo Te invitamos a conocer y a ser parte de nuestra Casa, un lugar donde la innovación, la sostenibilidad y la diversidad se viven día a día. Con más de 60 años de trayectoria y presencia en Chile, Perú, Colombia, Argentina, Brasil, Uruguay y México, nuestra compañía se enfoca en el mejor
.png)
Frasers Group CyberSecurity News
October 30, 2025 08:12 AM
Helping Quebec non-profits below ‘cybersecurity poverty line’ strengthen networks
MONTREAL — Facing the threat of cyberattacks and with limited budgets, non-profit organizations across Quebec are being offered free...
October 24, 2025 07:00 AM
Frasers Group leads in agentic commerce with commercetools deal
Frasers Group partners exclusively with commercetools to pioneer AI-driven agentic commerce in Europe across Sports Direct, FLANNELS and...
October 23, 2025 07:00 AM
Agentic Commerce: Frasers Group macht Shoppen via ChatGPT möglich
Technologischer Meilenstein im europäischen Einzelhandel: Die Frasers Group integriert KI kanalübergreifend und wird als erster europäischer...
October 17, 2025 07:00 AM
Frasers Group integrates agentic AI ecommerce suite with new partnership
Frasers Group has become the first European retailer to partner with agentic AI specialist commercetools to implement the company's complete...
October 17, 2025 07:00 AM
In pictures: Frasers Group unveils Sports Direct flagship in Liverpool
Frasers Group has opened a new store in Liverpool, bringing together Sports Direct and Everlast Gyms+ under one roof.
October 10, 2025 07:00 AM
Frasers Group takes majority stake in US luxury retailer The Webster
Frasers Group has acquired a majority stake in Miami-based luxury retailer The Webster, to expand its global luxury ecosystem.
October 10, 2025 07:00 AM
Frasers Group buys majority stake in luxury retailer The Webster
British retail giant Frasers Group has purchased a majority stake in The Webster, a multi-brand luxury retailer in the US.
October 09, 2025 07:00 AM
Frasers Group acquires majority stake in The Webster
Frasers Group has snapped up a majority stake in luxury US fashion house The Webster. The acquisition comes under a new strategic...
September 15, 2025 07:00 AM
Who is Jacky Wright? Former Microsoft CDO joins Frasers Group
Former Microsoft chief digital officer (CDO) Jacky Wright is set to join retail giant Frasers Group as a non-executive director next week.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
Frasers Group CyberSecurity History Information
Official Website of Frasers Group
The official website of Frasers Group is http://frasers.group.
Frasers Group’s AI-Generated Cybersecurity Score
According to Rankiteo, Frasers Group’s AI-generated cybersecurity score is 784, reflecting their Fair security posture.
How many security badges does Frasers Group’ have ?
According to Rankiteo, Frasers Group currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Frasers Group have SOC 2 Type 1 certification ?
According to Rankiteo, Frasers Group is not certified under SOC 2 Type 1.
Does Frasers Group have SOC 2 Type 2 certification ?
According to Rankiteo, Frasers Group does not hold a SOC 2 Type 2 certification.
Does Frasers Group comply with GDPR ?
According to Rankiteo, Frasers Group is not listed as GDPR compliant.
Does Frasers Group have PCI DSS certification ?
According to Rankiteo, Frasers Group does not currently maintain PCI DSS compliance.
Does Frasers Group comply with HIPAA ?
According to Rankiteo, Frasers Group is not compliant with HIPAA regulations.
Does Frasers Group have ISO 27001 certification ?
According to Rankiteo,Frasers Group is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Frasers Group
Frasers Group operates primarily in the Retail industry.
Number of Employees at Frasers Group
Frasers Group employs approximately 14,684 people worldwide.
Subsidiaries Owned by Frasers Group
Frasers Group presently has no subsidiaries across any sectors.
Frasers Group’s LinkedIn Followers
Frasers Group’s official LinkedIn profile has approximately 115,985 followers.
NAICS Classification of Frasers Group
Frasers Group is classified under the NAICS code 43, which corresponds to Retail Trade.
Frasers Group’s Presence on Crunchbase
Yes, Frasers Group has an official profile on Crunchbase, which can be accessed here: https://www.crunchbase.com/organization/sports-direct-international.
Frasers Group’s Presence on LinkedIn
Yes, Frasers Group maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/frasers-group.
Cybersecurity Incidents Involving Frasers Group
As of November 27, 2025, Rankiteo reports that Frasers Group has experienced 1 cybersecurity incidents.
Number of Peer and Competitor Companies
Frasers Group has an estimated 15,247 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Frasers Group ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
Incident Details
Can you provide details on each incident ?
Title: Sports Direct Data Breach
Description: A hacker gained access to the company's internal systems and stole the personal data of its employees, including names, phone numbers, and email and postal addresses.
Type: Data Breach
Attack Vector: Unpatched DNN platform vulnerabilities
Vulnerability Exploited: Known vulnerabilities in DNN platform
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach SPO1325191123
Data Compromised: Names, Phone numbers, Email addresses, Postal addresses
Systems Affected: Staff site hosted on DNN platform
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Names, Phone Numbers, Email Addresses, Postal Addresses and .
Which entities were affected by each incident ?
Incident : Data Breach SPO1325191123
Entity Name: Sports Direct
Entity Type: Organization
Industry: Retail
Location: UK
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach SPO1325191123
Type of Data Compromised: Names, Phone numbers, Email addresses, Postal addresses
Personally Identifiable Information: Yes
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : Data Breach SPO1325191123
Regulatory Notifications: Information Commissioner's Office
References
Where can I find more information about each incident ?
Incident : Data Breach SPO1325191123
Source: The Register
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: The Register.
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Data Breach SPO1325191123
Root Causes: Unpatched DNN platform
Additional Questions
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were names, phone numbers, email addresses, postal addresses and .
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were postal addresses, phone numbers, names and email addresses.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident is The Register.
.png)
Latest Global CVEs (Not Company-Specific)
Description
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.
Risk Information
cvss4
Base: 7.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
- https://github.com/angular/angular/commit/0276479e7d0e280e0f8d26fa567d3b7aa97a516f
- https://github.com/angular/angular/commit/05fe6686a97fa0bcd3cf157805b3612033f975bc
- https://github.com/angular/angular/commit/3240d856d942727372a705252f7c8c115394a41e
- https://github.com/angular/angular/releases/tag/19.2.16
- https://github.com/angular/angular/releases/tag/20.3.14
- https://github.com/angular/angular/releases/tag/21.0.1
- https://github.com/angular/angular/security/advisories/GHSA-58c5-g7wp-6w37
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 6.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=frasers-group' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
