Comparison Overview

Goldman Sachs

VS

Capital Group

Goldman Sachs

200 West Street, New York, New York, US, 10282
Last Update: 2025-12-09
View Profile
Between 800 and 849
http://www.goldmansachs.com

We aspire to be the world’s most exceptional financial institution, united by our shared values of partnership, client service, integrity, and excellence. Operating at the center of capital markets, we act as one firm, mobilizing our people, capital, and ideas to deliver superior results across our clients’ most complex challenges. For 156 years, Goldman Sachs has delivered world-class execution on a global scale across our leading Global Banking & Markets and Asset & Wealth Management businesses. Apprenticeship is central to our culture, with hands-on coaching and access to leaders who bring decades of experience and expertise. With office locations around the world, we offer a broad range of career opportunities to those who insist on excellence and thrive on performance. Find our Social Media Disclosures here: gs.com/social-media-disclosures

NAICS: 52
NAICS Definition: Finance and Insurance
Employees: 65,766
Subsidiaries: 7
12-month incidents
0
Known data breaches
0
Attack type number
0
View Profile

Capital Group

333 South Hope Street, None, Los Angeles, CA, US, 90071
Last Update: 2025-12-09
Between 750 and 799
https://www.capitalgroup.com/us/landing-pages/linkedin-terms-of-use.html

Capital Group was established in 1931 in Los Angeles, California, and now has 31 offices around the globe. For over 90 years we've provided carefully researched investment solutions and services to financial professionals. *** We've been made aware of an employment scam fraudulently using Capital Group's name. Please note: Capital Group currently does not offer 100% remote work positions. On average, the interview process can take one to three months to go from resume submission to offer. Financial transactions are never part of the job on boarding process. For your own cyber safety and security, if you suspect fraud, please do not respond to or interact with messages claiming to be from Capital Group. You can also contact [email protected] to verify a job opportunity.*** This content is published by Capital Group, home of American Funds Distributors, Inc. which will be renamed Capital Client Group, Inc. on or around July 1, 2024. For important legal information please click the company details website link: https://www.capitalgroup.com/us/landing-pages/linkedin-terms-of-use.html

NAICS: 52
NAICS Definition: Finance and Insurance
Employees: 10,374
Subsidiaries: 1
12-month incidents
0
Known data breaches
0
Attack type number
0

Compliance Badges Comparison

Security & Compliance Standards Overview

https://images.rankiteo.com/companyimages/goldman-sachs.jpeg
Goldman Sachs
ISO 27001
ISO 27001 certification not verified
Not verified
SOC2 Type 1
SOC2 Type 1 certification not verified
Not verified
SOC2 Type 2
SOC2 Type 2 certification not verified
Not verified
GDPR
GDPR certification not verified
Not verified
PCI DSS
PCI DSS certification not verified
Not verified
HIPAA
HIPAA certification not verified
Not verified
https://images.rankiteo.com/companyimages/capital-group.jpeg
Capital Group
ISO 27001
ISO 27001 certification not verified
Not verified
SOC2 Type 1
SOC2 Type 1 certification not verified
Not verified
SOC2 Type 2
SOC2 Type 2 certification not verified
Not verified
GDPR
GDPR certification not verified
Not verified
PCI DSS
PCI DSS certification not verified
Not verified
HIPAA
HIPAA certification not verified
Not verified
Compliance Summary
Goldman Sachs
100%
Compliance Rate
0/4 Standards Verified
Capital Group
0%
Compliance Rate
0/4 Standards Verified

Benchmark & Cyber Underwriting Signals

Incidents vs Financial Services Industry Average (This Year)

No incidents recorded for Goldman Sachs in 2025.

Incidents vs Financial Services Industry Average (This Year)

No incidents recorded for Capital Group in 2025.

Incident History — Goldman Sachs (X = Date, Y = Severity)

Goldman Sachs cyber incidents detection timeline including parent company and subsidiaries

Incident History — Capital Group (X = Date, Y = Severity)

Capital Group cyber incidents detection timeline including parent company and subsidiaries

Notable Incidents

Last 3 Security & Risk Events by Company

https://images.rankiteo.com/companyimages/goldman-sachs.jpeg
Goldman Sachs
Incidents

No Incident

https://images.rankiteo.com/companyimages/capital-group.jpeg
Capital Group
Incidents

No Incident

FAQ

Goldman Sachs company demonstrates a stronger AI Cybersecurity Score compared to Capital Group company, reflecting its advanced cybersecurity posture governance and monitoring frameworks.

Historically, Capital Group company has disclosed a higher number of cyber incidents compared to Goldman Sachs company.

In the current year, Capital Group company and Goldman Sachs company have not reported any cyber incidents.

Neither Capital Group company nor Goldman Sachs company has reported experiencing a ransomware attack publicly.

Neither Capital Group company nor Goldman Sachs company has reported experiencing a data breach publicly.

Neither Capital Group company nor Goldman Sachs company has reported experiencing targeted cyberattacks publicly.

Neither Goldman Sachs company nor Capital Group company has reported experiencing or disclosing vulnerabilities publicly.

Neither Goldman Sachs nor Capital Group holds any compliance certifications.

Neither company holds any compliance certifications.

Goldman Sachs company has more subsidiaries worldwide compared to Capital Group company.

Goldman Sachs company employs more people globally than Capital Group company, reflecting its scale as a Financial Services.

Neither Goldman Sachs nor Capital Group holds SOC 2 Type 1 certification.

Neither Goldman Sachs nor Capital Group holds SOC 2 Type 2 certification.

Neither Goldman Sachs nor Capital Group holds ISO 27001 certification.

Neither Goldman Sachs nor Capital Group holds PCI DSS certification.

Neither Goldman Sachs nor Capital Group holds HIPAA certification.

Neither Goldman Sachs nor Capital Group holds GDPR certification.

Latest Global CVEs (Not Company-Specific)

Description

NXLog Agent before 6.11 can load a file specified by the OPENSSL_CONF environment variable.

Published
Date
2025-12-14
Updated
Date
2025-12-14
Risk Information
cvss3
Base: 8.1
Severity: HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
References
Description

uriparser through 0.9.9 allows unbounded recursion and stack consumption, as demonstrated by ParseMustBeSegmentNzNc with large input containing many commas.

Published
Date
2025-12-14
Updated
Date
2025-12-14
Risk Information
cvss3
Base: 2.9
Severity: HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
References
Description

A vulnerability was detected in Mayan EDMS up to 4.10.1. The affected element is an unknown function of the file /authentication/. The manipulation results in cross site scripting. The attack may be performed from remote. The exploit is now public and may be used. Upgrading to version 4.10.2 is sufficient to fix this issue. You should upgrade the affected component. The vendor confirms that this is "[f]ixed in version 4.10.2". Furthermore, that "[b]ackports for older versions in process and will be out as soon as their respective CI pipelines complete."

Published
Date
2025-12-14
Updated
Date
2025-12-14
Risk Information
cvss2
Base: 5.0
Severity: LOW
AV:N/AC:L/Au:N/C:N/I:P/A:N
cvss3
Base: 4.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

MJML through 4.18.0 allows mj-include directory traversal to test file existence and (in the type="css" case) read files. NOTE: this issue exists because of an incomplete fix for CVE-2020-12827.

Published
Date
2025-12-14
Updated
Date
2025-12-14
Risk Information
cvss3
Base: 4.5
Severity: HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:L
References
Description

A half-blind Server Side Request Forgery (SSRF) vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network (including link-local or loopback services).

Published
Date
2025-12-14
Updated
Date
2025-12-14
Risk Information
cvss3
Base: 5.8
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N
References