Hearst UK
Company Details
Linkedin ID:
hearst-magazines-uk
Website:
Employees number:
669
Number of followers:
49,914
NAICS:
511
Industry Type:
Homepage:
hearst.co.uk
IP Addresses:
0
Company ID:
HEA_1381133
Scan Status:
In-progress
Hearst UK Company CyberSecurity Posture
hearst.co.uk
Hearst UK is home to some of the world’s best-loved and trusted brands, including Good Housekeeping, ELLE, Harper’s Bazaar, Country Living, Men’s Health, Women’s Health and Esquire. We pride ourselves on creating stories with impact, and our quality content resonates with audiences wherever they are. We circulate over 19.5 million magazines a year, reach on average 18.7 million UK digital unique users per month and have more than 32.5 million follows via our social media platforms. The longevity of our brands enables us to unlock new opportunities to deepen connections with our valued customers and clients. Hearst UK has a growing audience of members, from digital-only memberships through to top-tier propositions, including ELLE COLLECTIVE, Men’s Health Squad, Women’s Health Collective and Good Housekeeping VIP. Our marquee events include the ELLE Style Awards, Good Housekeeping Live, Country Living Shows and Harper’s Bazaar Women of the Year Awards. Our state-of-the art consumer research centre in Feltham is the driving force behind the coveted Good Housekeeping Tried & Tested accreditation, which tested over 3,600 products in 2023. The Good Housekeeping Institute celebrates its 100th anniversary this year. We also have a range of licensed brand extensions including House Beautiful sofas with DFS, Country Living kitchens with Homebase and Harper’s Bazaar wellness programmes with Cunard.
Hearst UK A.I CyberSecurity Scoring
Hearst UK Risk Score (AI oriented)Between 750 and 799
Hearst UK
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
Hearst UK Global Score (TPRM)XXXX
Hearst UK
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
Hearst UK Company CyberSecurity News & History
Past Incidents
2
Attack Types
1
MCG Health
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: MCG Health, LLC suffered a data security incident after an unauthorized party previously obtained personal information about some patients and members of certain MCG customers. The compromised patient or member data included some or all of the following data elements: names, Social Security numbers, medical codes, postal addresses, telephone numbers, email addresses, dates of birth and gender. MCG immediately launched the investigation and notified the compromised individuals.
MCG Health, LLC
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: The Maine Office of the Attorney General reported that MCG Health, LLC experienced a data breach affecting approximately 1,100,000 individuals, with a specific mention of 1 Maine resident. The breach, discovered on March 25, 2022, involved unauthorized access to personal information such as names, Social Security numbers, and medical codes. Identity protection and credit monitoring services were offered to the affected individuals.
Hearst UK Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for Hearst UK
Incidents vs Book and Periodical Publishing Industry Average (This Year)
No incidents recorded for Hearst UK in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Hearst UK in 2025.
Incident Types Hearst UK vs Book and Periodical Publishing Industry Avg (This Year)
No incidents recorded for Hearst UK in 2025.
Incident History — Hearst UK (X = Date, Y = Severity)
Hearst UK cyber incidents detection timeline including parent company and subsidiaries
Hearst UK Company Subsidiaries
Hearst UK is home to some of the world’s best-loved and trusted brands, including Good Housekeeping, ELLE, Harper’s Bazaar, Country Living, Men’s Health, Women’s Health and Esquire. We pride ourselves on creating stories with impact, and our quality content resonates with audiences wherever they are. We circulate over 19.5 million magazines a year, reach on average 18.7 million UK digital unique users per month and have more than 32.5 million follows via our social media platforms. The longevity of our brands enables us to unlock new opportunities to deepen connections with our valued customers and clients. Hearst UK has a growing audience of members, from digital-only memberships through to top-tier propositions, including ELLE COLLECTIVE, Men’s Health Squad, Women’s Health Collective and Good Housekeeping VIP. Our marquee events include the ELLE Style Awards, Good Housekeeping Live, Country Living Shows and Harper’s Bazaar Women of the Year Awards. Our state-of-the art consumer research centre in Feltham is the driving force behind the coveted Good Housekeeping Tried & Tested accreditation, which tested over 3,600 products in 2023. The Good Housekeeping Institute celebrates its 100th anniversary this year. We also have a range of licensed brand extensions including House Beautiful sofas with DFS, Country Living kitchens with Homebase and Harper’s Bazaar wellness programmes with Cunard.
Loading...
Hearst UK Similar Companies
Loading...
.png)
Hearst UK CyberSecurity News
February 18, 2025 08:00 AM
Hearst U.K. Bucks Circulation Figures as Condé Nast Faces Challenging Numbers
Elle Decoration, Elle U.K. and Harper's Bazaar all experienced growth during the period January to December 2024, while British Vogue,...
February 06, 2025 08:00 AM
'The Night Agent' Season 3: Everything We Know- Dates Cast News Spoilers
Netflix's hit show The Night Agent just finished releasing their second season, but the third is already in production.
June 19, 2024 07:00 AM
MAFS star Duncan James makes exciting career move with best friend
Married at First Sight Australia's Duncan James has announced a new career move away from reality TV with the launch of his cyber security...
June 30, 2022 07:00 AM
What a Real Cyber Security Expert Makes of the 'Undeclared War'
A global advisor with 20 years in the game analyses Channel 4's new prestige TV show.
June 30, 2022 07:00 AM
The Unnerving True Story Behind 'The Undeclared War'
The GCHQ team is battling against a new form of cyber attack.
January 20, 2020 08:00 AM
UK publishers losing digital ad revenue due to content 'blacklists' | Advertising
UK newspaper and magazine publishers lost almost £170m in digital revenue last year as technology designed to stop advertisements from appearing next to hard-...
October 02, 2018 07:00 AM
Kim Kardashian has been voted the "most dangerous" celebrity to search online
Kim Kardashian has been named the UK's "most dangerous celebrity to search for online", according to research. McAfee, a cyber-security firm...
May 15, 2018 07:00 AM
How Period Tracking Apps May Be Making Money From Your Menstrual Cycle
Women who use menstruapps are sharing information about their health, sex life and social behaviours that may be sold to advertisers.
February 14, 2016 08:00 AM
Women in business — Anna Jones, chief executive, Hearst UK
Anna Jones became chief executive of Hearst Magazines UK in 2014. Since then she has expanded the business, which publishes Cosmopolitan, Harper's Bazaar and...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
Hearst UK CyberSecurity History Information
Official Website of Hearst UK
The official website of Hearst UK is http://www.hearst.co.uk.
Hearst UK’s AI-Generated Cybersecurity Score
According to Rankiteo, Hearst UK’s AI-generated cybersecurity score is 757, reflecting their Fair security posture.
How many security badges does Hearst UK’ have ?
According to Rankiteo, Hearst UK currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Hearst UK have SOC 2 Type 1 certification ?
According to Rankiteo, Hearst UK is not certified under SOC 2 Type 1.
Does Hearst UK have SOC 2 Type 2 certification ?
According to Rankiteo, Hearst UK does not hold a SOC 2 Type 2 certification.
Does Hearst UK comply with GDPR ?
According to Rankiteo, Hearst UK is not listed as GDPR compliant.
Does Hearst UK have PCI DSS certification ?
According to Rankiteo, Hearst UK does not currently maintain PCI DSS compliance.
Does Hearst UK comply with HIPAA ?
According to Rankiteo, Hearst UK is not compliant with HIPAA regulations.
Does Hearst UK have ISO 27001 certification ?
According to Rankiteo,Hearst UK is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Hearst UK
Hearst UK operates primarily in the Book and Periodical Publishing industry.
Number of Employees at Hearst UK
Hearst UK employs approximately 669 people worldwide.
Subsidiaries Owned by Hearst UK
Hearst UK presently has no subsidiaries across any sectors.
Hearst UK’s LinkedIn Followers
Hearst UK’s official LinkedIn profile has approximately 49,914 followers.
NAICS Classification of Hearst UK
Hearst UK is classified under the NAICS code 511, which corresponds to Publishing Industries (except Internet).
Hearst UK’s Presence on Crunchbase
No, Hearst UK does not have a profile on Crunchbase.
Hearst UK’s Presence on LinkedIn
Yes, Hearst UK maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/hearst-magazines-uk.
Cybersecurity Incidents Involving Hearst UK
As of November 28, 2025, Rankiteo reports that Hearst UK has experienced 2 cybersecurity incidents.
Number of Peer and Competitor Companies
Hearst UK has an estimated 4,881 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Hearst UK ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
How does Hearst UK detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an communication strategy with notified compromised individuals, and remediation measures with identity protection and credit monitoring services offered..
Incident Details
Can you provide details on each incident ?
Title: Data Security Incident at MCG Health, LLC
Description: MCG Health, LLC suffered a data security incident after an unauthorized party previously obtained personal information about some patients and members of certain MCG customers.
Type: Data Breach
Threat Actor: Unauthorized Party
Title: MCG Health Data Breach
Description: The Maine Office of the Attorney General reported that MCG Health, LLC experienced a data breach affecting approximately 1,100,000 individuals, with a specific mention of 1 Maine resident. The breach, discovered on March 25, 2022, involved unauthorized access to personal information such as names, Social Security numbers, and medical codes. Identity protection and credit monitoring services were offered to the affected individuals.
Date Detected: 2022-03-25
Type: Data Breach
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach MCG1238722
Data Compromised: Names, Social security numbers, Medical codes, Postal addresses, Telephone numbers, Email addresses, Dates of birth, Gender
Incident : Data Breach MCG132072525
Data Compromised: Names, Social security numbers, Medical codes
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personal Information, , Names, Social Security Numbers, Medical Codes and .
Which entities were affected by each incident ?
Incident : Data Breach MCG1238722
Entity Name: MCG Health, LLC
Entity Type: Healthcare
Industry: Healthcare
Incident : Data Breach MCG132072525
Entity Name: MCG Health, LLC
Entity Type: Company
Industry: Healthcare
Customers Affected: 1100000
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach MCG1238722
Communication Strategy: Notified compromised individuals
Incident : Data Breach MCG132072525
Remediation Measures: Identity protection and credit monitoring services offered
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach MCG1238722
Type of Data Compromised: Personal information
Sensitivity of Data: High
Incident : Data Breach MCG132072525
Type of Data Compromised: Names, Social security numbers, Medical codes
Number of Records Exposed: 1100000
Sensitivity of Data: High
What measures does the company take to prevent data exfiltration ?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Identity protection and credit monitoring services offered, .
References
Where can I find more information about each incident ?
Incident : Data Breach MCG132072525
Source: Maine Office of the Attorney General
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Maine Office of the Attorney General.
Investigation Status
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Notified compromised individuals.
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident was an Unauthorized Party.
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2022-03-25.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were names, Social Security numbers, medical codes, postal addresses, telephone numbers, email addresses, dates of birth, gender, , names, Social Security numbers, medical codes and .
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were telephone numbers, email addresses, names, Social Security numbers, postal addresses, gender, dates of birth and medical codes.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 110.0.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident is Maine Office of the Attorney General.
.png)
Latest Global CVEs (Not Company-Specific)
Description
ThingsBoard in versions prior to v4.2.1 allows an authenticated user to upload malicious SVG images via the "Image Gallery", leading to a Stored Cross-Site Scripting (XSS) vulnerability. The exploit can be triggered when any user accesses the public API endpoint of the malicious SVG images, or if the malicious images are embedded in an `iframe` element, during a widget creation, deployed to any page of the platform (e.g., dashboards), and accessed during normal operations. The vulnerability resides in the `ImageController`, which fails to restrict the execution of JavaScript code when an image is loaded by the user's browser. This vulnerability can lead to the execution of malicious code in the context of other users' sessions, potentially compromising their accounts and allowing unauthorized actions.
Risk Information
cvss4
Base: 6.2
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to to verify that the token used during the code exchange originates from the same authentication flow, which allows an authenticated user to perform account takeover via a specially crafted email address used when switching authentication methods and sending a request to the /users/login/sso/code-exchange endpoint. The vulnerability requires ExperimentalEnableAuthenticationTransfer to be enabled (default: enabled) and RequireEmailVerification to be disabled (default: disabled).
Risk Information
cvss3
Base: 9.9
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
References
Description
Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to sanitize team email addresses to be visible only to Team Admins, which allows any authenticated user to view team email addresses via the GET /api/v4/channels/{channel_id}/common_teams endpoint
Risk Information
cvss3
Base: 4.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
References
Description
Exposure of email service credentials to users without administrative rights in Devolutions Server.This issue affects Devolutions Server: before 2025.2.21, before 2025.3.9.
Description
Exposure of credentials in unintended requests in Devolutions Server.This issue affects Server: through 2025.2.20, through 2025.3.8.
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=hearst-magazines-uk' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
