HKI
Company Details
Linkedin ID:
hatch-&-kirk-inc.
Website:
Employees number:
21
Number of followers:
656
NAICS:
3365
Industry Type:
Homepage:
hatchkirk.com
IP Addresses:
0
Company ID:
HAT_2999475
Scan Status:
In-progress
Hatch & Kirk, Inc. Company CyberSecurity Posture
hatchkirk.com
Hatch & Kirk Inc. is an AAR M-1003 certified global leader in the manufacture, remanufacture, sale and distribution of engines and aftermarket diesel engine parts for EMD, ALCO, Fairbanks-Morse and Cleveland brand engines. Established in 1945, we have spent the past 70 years building and maintaining one of the strongest reputations in the industry for delivery, quality, competitive pricing and outstanding customer service. H&K is so confident in our product that we offer an industry-leading two-year warranty on all of our engines and engine parts.
Hatch & Kirk, Inc. A.I CyberSecurity Scoring
HKI Risk Score (AI oriented)Between 700 and 749
HKI
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
HKI Global Score (TPRM)XXXX
HKI
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
HKI Company CyberSecurity News & History
Past Incidents
0
Attack Types
0
No data available
HKI Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for HKI
Incidents vs Railroad Equipment Manufacturing Industry Average (This Year)
No incidents recorded for Hatch & Kirk, Inc. in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Hatch & Kirk, Inc. in 2025.
Incident Types HKI vs Railroad Equipment Manufacturing Industry Avg (This Year)
No incidents recorded for Hatch & Kirk, Inc. in 2025.
Incident History — HKI (X = Date, Y = Severity)
HKI cyber incidents detection timeline including parent company and subsidiaries
HKI Company Subsidiaries
Hatch & Kirk Inc. is an AAR M-1003 certified global leader in the manufacture, remanufacture, sale and distribution of engines and aftermarket diesel engine parts for EMD, ALCO, Fairbanks-Morse and Cleveland brand engines. Established in 1945, we have spent the past 70 years building and maintaining one of the strongest reputations in the industry for delivery, quality, competitive pricing and outstanding customer service. H&K is so confident in our product that we offer an industry-leading two-year warranty on all of our engines and engine parts.
Loading...
HKI Similar Companies
Loram South America
A Loram South America é uma subsidiária ligada a Loram Maintenance of Way, empresa ferroviária especializada em prestação de serviço e fabricação de máquinas de manutenção de Via Permanente, localizada nos EUA. Líder no fornecimento de serviços e equipamentos de manutenção de via da América do Nort
Testori Interiors Inc.
Testori Interiors Inc. also specializes in the manufacture of interiors for the mass transit industry. Incorporated in the year 2000 in New York State, Testori has 35 employees. Testori Americas Corporation has evolved from a long history of Testori companies, each dedicated to the mass transit/ae
Westcode Inc - A Unipart Rail Company
Premier supplier of high quality rail systems. Westcode provides individually designed rail systems from its ISO certified factories strategically located in the US and in Europe. With over 15,000 air conditioning units in the field, and over 23,000 door systems, Westcode is a major player in the ra
Gradall Railroad Maintenance
Gradall is an innovative manufacturer of railroad track maintenance equipment. Choices in wheeled undercarriages and rail gear options provide the mobility needed to get the work done quickly. Gradall’s world-renowned telescoping, tilting boom with an array of MOW attachments can handle everything
Firema trasporti
Basing on more than 90 years of experience in the rolling stock business, FIREMA reached important positions in Italian and International market with a new company profile . FIREMA is involved in the national and international market sectors of rolling stocks business, managing with its own resourc
Tikhvin Rail Cars Construction Plant
The Tikhvin Railway Car Building Plant (TVSZ) construction project was launched in 2005 in the town of Tikhvin in the Leningrad Region on the industrial site of the former “Transmash” plant. The managing company of the plant is CJSC “CTS”. The project foresees the construction of a state-of-the-art
.png)
HKI CyberSecurity News
November 27, 2025 10:00 PM
Can’t wait for the Subaru WRX hatch to come back? Nor could this guy
Without a hot hatchback in its lineup for more than 10 years, Subaru owners are going to great lengths to bring back the liftback WRX.
November 27, 2025 09:05 PM
Hatch’s coveted sunrise alarm clock is the lowest price it has ever been for Black Friday
The beloved Hatch sunrise alarm clock is on sale for Black Friday, and if it has been in your cart, now is the time to buy it!
November 27, 2025 07:48 PM
Lexus Once Built A V8-Powered AWD Hatch, And Did Nothing With It
15 years before the Lexus CT, Lexus and Italdesign collaborated on a very cool hatchback with more engine than it probably needed.
November 27, 2025 03:36 PM
Hatches Open, Station Crew Expands to 10
Expedition 73 wrapped up the work week At 10:16 a.m. EST, the hatch opened between the International Space Station and the Soyuz MS-28...
November 27, 2025 03:18 PM
The Weekly Hatch: Winter events and more
Nate Hinners and Ava Thoman are ready for Thanksgiving. Before they chow down on some mashed potatoes and cranberry sauce, they talk about some events...
November 27, 2025 12:08 PM
Subaru Crosstrek Owner Transforms SUV Into WRX Hatchback
We talked to Stephen Ketelsen (@vb_hatch), who decided to WRX swap his stock Subaru Crosstrek. He tells us exactly how the project came to...
November 27, 2025 10:26 AM
Liverpool hatch January transfer plan and target three players as new signing's struggles continue
Liverpool target Antoine Semenyo and defensive reinforcements in January transfer window as Alexander Isak faces fitness concerns and Luis...
November 27, 2025 09:36 AM
How withdrawal from prosecutions has become a political escape hatch
Law News: The Uttar Pradesh government's recent attempt to withdraw from the Mohammed Akhlaq lynching case is telling.
November 27, 2025 05:01 AM
Cupra Leon VZ review: can this 325bhp hot hatch take the Type R's place? Reviews 2025
Spanish arm of VW helps keep the hot hatch flame alive. But 325bhp through the front axle?
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
HKI CyberSecurity History Information
Official Website of Hatch & Kirk, Inc.
The official website of Hatch & Kirk, Inc. is http://hatchkirk.com.
Hatch & Kirk, Inc.’s AI-Generated Cybersecurity Score
According to Rankiteo, Hatch & Kirk, Inc.’s AI-generated cybersecurity score is 745, reflecting their Moderate security posture.
How many security badges does Hatch & Kirk, Inc.’ have ?
According to Rankiteo, Hatch & Kirk, Inc. currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Hatch & Kirk, Inc. have SOC 2 Type 1 certification ?
According to Rankiteo, Hatch & Kirk, Inc. is not certified under SOC 2 Type 1.
Does Hatch & Kirk, Inc. have SOC 2 Type 2 certification ?
According to Rankiteo, Hatch & Kirk, Inc. does not hold a SOC 2 Type 2 certification.
Does Hatch & Kirk, Inc. comply with GDPR ?
According to Rankiteo, Hatch & Kirk, Inc. is not listed as GDPR compliant.
Does Hatch & Kirk, Inc. have PCI DSS certification ?
According to Rankiteo, Hatch & Kirk, Inc. does not currently maintain PCI DSS compliance.
Does Hatch & Kirk, Inc. comply with HIPAA ?
According to Rankiteo, Hatch & Kirk, Inc. is not compliant with HIPAA regulations.
Does Hatch & Kirk, Inc. have ISO 27001 certification ?
According to Rankiteo,Hatch & Kirk, Inc. is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Hatch & Kirk, Inc.
Hatch & Kirk, Inc. operates primarily in the Railroad Equipment Manufacturing industry.
Number of Employees at Hatch & Kirk, Inc.
Hatch & Kirk, Inc. employs approximately 21 people worldwide.
Subsidiaries Owned by Hatch & Kirk, Inc.
Hatch & Kirk, Inc. presently has no subsidiaries across any sectors.
Hatch & Kirk, Inc.’s LinkedIn Followers
Hatch & Kirk, Inc.’s official LinkedIn profile has approximately 656 followers.
NAICS Classification of Hatch & Kirk, Inc.
Hatch & Kirk, Inc. is classified under the NAICS code 3365, which corresponds to Railroad Rolling Stock Manufacturing.
Hatch & Kirk, Inc.’s Presence on Crunchbase
No, Hatch & Kirk, Inc. does not have a profile on Crunchbase.
Hatch & Kirk, Inc.’s Presence on LinkedIn
Yes, Hatch & Kirk, Inc. maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/hatch-&-kirk-inc..
Cybersecurity Incidents Involving Hatch & Kirk, Inc.
As of November 27, 2025, Rankiteo reports that Hatch & Kirk, Inc. has not experienced any cybersecurity incidents.
Number of Peer and Competitor Companies
Hatch & Kirk, Inc. has an estimated 275 peer or competitor companies worldwide.
Hatch & Kirk, Inc. CyberSecurity History Information
How many cyber incidents has Hatch & Kirk, Inc. faced ?
Total Incidents: According to Rankiteo, Hatch & Kirk, Inc. has faced 0 incidents in the past.
What types of cybersecurity incidents have occurred at Hatch & Kirk, Inc. ?
Incident Types: The types of cybersecurity incidents that have occurred include .
Incident Details
What are the most common types of attacks the company has faced ?
Additional Questions
.png)
Latest Global CVEs (Not Company-Specific)
Description
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.
Risk Information
cvss4
Base: 7.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
- https://github.com/angular/angular/commit/0276479e7d0e280e0f8d26fa567d3b7aa97a516f
- https://github.com/angular/angular/commit/05fe6686a97fa0bcd3cf157805b3612033f975bc
- https://github.com/angular/angular/commit/3240d856d942727372a705252f7c8c115394a41e
- https://github.com/angular/angular/releases/tag/19.2.16
- https://github.com/angular/angular/releases/tag/20.3.14
- https://github.com/angular/angular/releases/tag/21.0.1
- https://github.com/angular/angular/security/advisories/GHSA-58c5-g7wp-6w37
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 6.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=hatch-&-kirk-inc.' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
