IAB
Company Details
Linkedin ID:
iab
Website:
Employees number:
730
Number of followers:
126,086
NAICS:
541613
Industry Type:
Homepage:
iab.com
IP Addresses:
0
Company ID:
IAB_1438979
Scan Status:
In-progress
IAB Company CyberSecurity Posture
iab.com
The Interactive Advertising Bureau (IAB) empowers the media and marketing industries to thrive in the digital economy. Its membership comprises more than 700 leading media companies, brands, agencies, and the technology firms responsible for selling, delivering, and optimizing digital ad marketing campaigns. The trade group fields critical research on interactive advertising, while also educating brands, agencies, and the wider business community on the importance of digital marketing. In affiliation with the IAB Tech Lab, IAB develops technical standards and solutions. IAB is committed to professional development and elevating the knowledge, skills, expertise, and diversity of the workforce across the industry. Through the work of its public policy office in Washington, D.C., the trade association advocates for its members and promotes the value of the interactive advertising industry to legislators and policymakers. Founded in 1996, IAB is headquartered in New York City.
IAB A.I CyberSecurity Scoring
IAB Risk Score (AI oriented)Between 650 and 699
IAB
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
IAB Global Score (TPRM)XXXX
IAB
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
IAB Company CyberSecurity News & History
Past Incidents
1
Attack Types
1
AOL, Yahoo and IAB Transparency & Consent Framework: guce
Breach
Rankiteo Explanation
Attack without any consequences
Description: **Major Data Collection Practices Revealed by Leading Digital Publishers** A recent disclosure highlights how over 1,000 companies—including 242 participating in the **IAB Transparency & Consent Framework (TCF)**—collect and process user data across websites and apps. These entities store and access device information (such as cookies) and leverage **precise geolocation data, IP addresses, browsing history, and search activity** for purposes like **analytics, personalized advertising, content measurement, and audience research**. The data collection spans multiple platforms, including **Yahoo, AOL, Engadget, In The Know, and Makers**, and tracks metrics like **visitor counts, device types (iOS/Android), browser usage, and session duration**. While aggregated and not tied to individual users, the practice raises transparency concerns, particularly given the scale of third-party involvement. Users retain the ability to **withdraw consent or adjust preferences** via "Privacy & Cookie Settings" or "Privacy Dashboard" links on these platforms. However, the disclosure underscores the **extensive reach of data-sharing networks** in digital advertising and content delivery, with implications for user privacy and regulatory compliance. The incident reflects broader industry trends in **cross-site tracking and targeted advertising**, where consent frameworks play a central role in managing data access.
IAB Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for IAB
Incidents vs Advertising Services Industry Average (This Year)
IAB has 7.41% fewer incidents than the average of same-industry companies with at least one recorded incident.
Incidents vs All-Companies Average (This Year)
IAB has 28.21% more incidents than the average of all companies with at least one recorded incident.
Incident Types IAB vs Advertising Services Industry Avg (This Year)
IAB reported 1 incidents this year: 0 cyber attacks, 0 ransomware, 0 vulnerabilities, 1 data breaches, compared to industry peers with at least 1 incident.
Incident History — IAB (X = Date, Y = Severity)
IAB cyber incidents detection timeline including parent company and subsidiaries
IAB Company Subsidiaries
The Interactive Advertising Bureau (IAB) empowers the media and marketing industries to thrive in the digital economy. Its membership comprises more than 700 leading media companies, brands, agencies, and the technology firms responsible for selling, delivering, and optimizing digital ad marketing campaigns. The trade group fields critical research on interactive advertising, while also educating brands, agencies, and the wider business community on the importance of digital marketing. In affiliation with the IAB Tech Lab, IAB develops technical standards and solutions. IAB is committed to professional development and elevating the knowledge, skills, expertise, and diversity of the workforce across the industry. Through the work of its public policy office in Washington, D.C., the trade association advocates for its members and promotes the value of the interactive advertising industry to legislators and policymakers. Founded in 1996, IAB is headquartered in New York City.
Loading...
IAB Similar Companies
Quad (NYSE: QUAD) is a global marketing experience company that helps brands make direct consumer connections, from household to in-store to online. Supported by state-of-the-art technology and data-driven intelligence, Quad uses its suite of media, creative and production solutions to streamline th
Clinic
Clinic is an independent creative agency. We create bold ideas, and craft them beautifully, to get people thinking, believing and doing. All of our experience goes into what we do today, and although our world’s constantly changing, the endpoint is still people and their experience, no matter
Founded in 1926 by Marcel Bleustein-Blanchet, today Publicis Groupe is the largest communications group in the world and a leader in marketing, communication, and digital business transformation, led by Arthur Sadoun, the third CEO in its history. Publicis Groupe is positioned at every step of the
Clear Channel Europe
Clear Channel Europe is a division of leading global Out of Home media company, Clear Channel Outdoor Holdings, Inc. (NYSE: CCO). The Clear Channel Europe portfolio spans 14 markets with 260,000 advertising panels. Clear Channel Europe has 2,600 dedicated employees. Our Mission is To Create the fu
dentsu
We are dentsu. We team together to help brands predict and plan for disruptive future opportunities and create new paths to growth in the sustainable economy. We know people better than anyone else and we use those insights to connect brand, content, commerce and experience, underpinned by modern cr
TBWA\Worldwide
TBWA is The Disruption Company®. We are a Collective of creative minds with an unlimited creative canvas. We create brand platforms that defy convention and compete with culture. Thanks to our trademarked Disruption® methodology, we build the world’s strongest brands. Brands that own an unfair share
Ogilvy
Ogilvy has been creating impact for brands through iconic, culture-changing, value-driving ideas since the company was founded by David Ogilvy 75 years ago. We build on that rich legacy through Borderless Creativity – innovating at the intersections of its advertising, public relations, relationship
Interpublic Group (IPG)
Interpublic (NYSE: IPG) is a values-based, data-fueled, and creatively-driven provider of marketing solutions. Home to some of the world’s best-known and most innovative communications specialists, IPG global brands include Acxiom, Craft, FCB, FutureBrand, Golin, Initiative, IPG Health, IPG Mediabra
Havas
TO MAKE A MEANINGFUL DIFFERENCE TO BRANDS, TO BUSINESSES AND TO PEOPLE Founded in 1835 in Paris, Havas is one of the world’s largest global communications networks, with more than 23,000 people in over 100 markets sharing one single mission: to make a meaningful difference to brands, businesses, a
.png)
IAB CyberSecurity News
December 15, 2025 12:07 AM
Letters to the Editor: Ireland urgently needs to step up its cybersecurity
'Attacks on our public sector digital infrastructures and private sector data ecosystems could transform Ireland into a digital wasteland...
December 12, 2025 08:00 AM
'A no-brainer': US cybersecurity firm chooses Cork for new AI centre, adding 100 jobs
Quest pointed to Ireland's strong education background for its decision to expand AI operations here.
December 10, 2025 08:00 AM
Storm-0249 Abuses EDR Processes in Stealthy Attacks
The initial access broker has been weaponizing endpoint detection and response (EDR) platforms and Windows utilities in recent...
December 09, 2025 08:00 AM
IAB involvement in cybercrime expands, report finds
IAB involvement in cybercrime expands, report finds Cyberattacks over the past two years have increasingly involved initial access brokers...
December 09, 2025 08:00 AM
Ransomware IAB abuses EDR for stealthy malware execution
An initial access broker tracked as Storm-0249 is abusing endpoint detection and response solutions and trusted Microsoft Windows utilities...
November 12, 2025 08:00 AM
Russian Broker Pleads Guilty to Profiting From Yanluowang Ransomware Attacks
A Russian national will likely face several years in US prison after pleading guilty to a range of offenses related to his work with...
October 31, 2025 07:00 AM
Infrequent cyber security training of staff puts Irish offices at risk
Only half of Irish office workers are confident in their ability to identify phishing attacks; one in five admit to entering sensitive...
October 22, 2025 07:00 AM
SocGholish Malware Using Compromised Sites to Deliver Ransomware
A widespread cybersecurity threat called SocGholish is turning basic software updates into a global trap for victims, according to new...
September 18, 2025 07:00 AM
CountLoader Broadens Russian Ransomware Operations With Multi-Version Malware Loader
Cybersecurity researchers have discovered a new malware loader codenamed CountLoader that has been put to use by Russian ransomware gangs to...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
IAB CyberSecurity History Information
Official Website of IAB
The official website of IAB is https://iab.com.
IAB’s AI-Generated Cybersecurity Score
According to Rankiteo, IAB’s AI-generated cybersecurity score is 699, reflecting their Weak security posture.
How many security badges does IAB’ have ?
According to Rankiteo, IAB currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does IAB have SOC 2 Type 1 certification ?
According to Rankiteo, IAB is not certified under SOC 2 Type 1.
Does IAB have SOC 2 Type 2 certification ?
According to Rankiteo, IAB does not hold a SOC 2 Type 2 certification.
Does IAB comply with GDPR ?
According to Rankiteo, IAB is not listed as GDPR compliant.
Does IAB have PCI DSS certification ?
According to Rankiteo, IAB does not currently maintain PCI DSS compliance.
Does IAB comply with HIPAA ?
According to Rankiteo, IAB is not compliant with HIPAA regulations.
Does IAB have ISO 27001 certification ?
According to Rankiteo,IAB is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of IAB
IAB operates primarily in the Advertising Services industry.
Number of Employees at IAB
IAB employs approximately 730 people worldwide.
Subsidiaries Owned by IAB
IAB presently has no subsidiaries across any sectors.
IAB’s LinkedIn Followers
IAB’s official LinkedIn profile has approximately 126,086 followers.
NAICS Classification of IAB
IAB is classified under the NAICS code 541613, which corresponds to Marketing Consulting Services.
IAB’s Presence on Crunchbase
No, IAB does not have a profile on Crunchbase.
IAB’s Presence on LinkedIn
Yes, IAB maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/iab.
Cybersecurity Incidents Involving IAB
As of December 23, 2025, Rankiteo reports that IAB has experienced 1 cybersecurity incidents.
Number of Peer and Competitor Companies
IAB has an estimated 32,697 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at IAB ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
How does IAB detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an communication strategy with privacy & cookie settings and privacy dashboard links provided for user consent management..
Incident Details
Can you provide details on each incident ?
Title: None
Description: A cyber incident involving the storage and/or access of information on devices (cookies), use of precise geolocation data, IP addresses, browsing and search data for analytics, personalized advertising, content measurement, and audience research. Data collected includes visitor counts, device types, browsers, and visit duration, aggregated and not tied to specific users. The incident affects multiple entities, including those part of the IAB Transparency & Consent Framework.
Type: Data Collection and Tracking
Attack Vector: Legitimate Use of Cookies and Tracking Technologies
Motivation: Analytics, Personalized Advertising, Content Measurement, Audience Research
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Collection and Tracking INTYAHIAB1766434075
Data Compromised: Device information, geolocation data, IP addresses, browsing and search data
Systems Affected: Websites and apps owned and operated by Yahoo, AOL, Engadget, In The Know, Makers
Identity Theft Risk: Potential risk due to collection of personal data
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Device information, geolocation data, IP addresses and browsing and search data.
Which entities were affected by each incident ?
Incident : Data Collection and Tracking INTYAHIAB1766434075
Entity Name: Yahoo
Entity Type: Company
Industry: Technology, Media
Incident : Data Collection and Tracking INTYAHIAB1766434075
Entity Name: AOL
Entity Type: Company
Industry: Technology, Media
Incident : Data Collection and Tracking INTYAHIAB1766434075
Entity Name: Engadget
Entity Type: Company
Industry: Technology, Media
Incident : Data Collection and Tracking INTYAHIAB1766434075
Entity Name: In The Know
Entity Type: Company
Industry: Media
Incident : Data Collection and Tracking INTYAHIAB1766434075
Entity Name: Makers
Entity Type: Company
Industry: Media
Incident : Data Collection and Tracking INTYAHIAB1766434075
Entity Name: IAB Transparency & Consent Framework Members
Entity Type: Multiple Entities
Industry: Various
Customers Affected: 242 members
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Collection and Tracking INTYAHIAB1766434075
Communication Strategy: Privacy & Cookie Settings and Privacy Dashboard links provided for user consent management
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Collection and Tracking INTYAHIAB1766434075
Type of Data Compromised: Device information, geolocation data, IP addresses, browsing and search data
Sensitivity of Data: High (personal data including precise geolocation and browsing history)
Personally Identifiable Information: Yes (IP address, browsing and search data, geolocation)
Lessons Learned and Recommendations
What recommendations were made to prevent future incidents ?
Incident : Data Collection and Tracking INTYAHIAB1766434075
Recommendations: Users should review and manage their consent settings via 'Privacy & Cookie Settings' or 'Privacy Dashboard' links. Companies should ensure transparent data collection practices and provide clear opt-out mechanisms.
What recommendations has the company implemented to improve cybersecurity ?
Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: Users should review and manage their consent settings via 'Privacy & Cookie Settings' or 'Privacy Dashboard' links. Companies should ensure transparent data collection practices and provide clear opt-out mechanisms..
References
Where can I find more information about each incident ?
Incident : Data Collection and Tracking INTYAHIAB1766434075
Source: Company Privacy Policy
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Company Privacy Policy.
Investigation Status
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Privacy & Cookie Settings and Privacy Dashboard links provided for user consent management.
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : Data Collection and Tracking INTYAHIAB1766434075
Customer Advisories: Users can withdraw consent or change choices via 'Privacy & Cookie Settings' or 'Privacy Dashboard' links.
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: was Users can withdraw consent or change choices via 'Privacy & Cookie Settings' or 'Privacy Dashboard' links..
Additional Questions
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Device information, geolocation data, IP addresses and browsing and search data.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Device information, geolocation data, IP addresses and browsing and search data.
Lessons Learned and Recommendations
What was the most significant recommendation implemented to improve cybersecurity ?
Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Users should review and manage their consent settings via 'Privacy & Cookie Settings' or 'Privacy Dashboard' links. Companies should ensure transparent data collection practices and provide clear opt-out mechanisms..
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident is Company Privacy Policy.
Stakeholder and Customer Advisories
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued was an Users can withdraw consent or change choices via 'Privacy & Cookie Settings' or 'Privacy Dashboard' links.
.png)
Latest Global CVEs (Not Company-Specific)
Description
A vulnerability has been found in SeaCMS up to 13.3. The affected element is an unknown function of the file js/player/dmplayer/dmku/class/mysqli.class.php. Such manipulation of the argument page/limit leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.
Risk Information
cvss2
Base: 7.5
Severity: LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
cvss3
Base: 7.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HappyDevs TempTool allows Stored XSS.This issue affects TempTool: from n/a through 1.3.1.
Risk Information
cvss3
Base: 6.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tormorten WP Microdata allows Stored XSS.This issue affects WP Microdata: from n/a through 1.0.
Risk Information
cvss3
Base: 6.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Description
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in HappyDevs TempTool allows Retrieve Embedded Sensitive Data.This issue affects TempTool: from n/a through 1.3.1.
Risk Information
cvss3
Base: 4.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Description
A vulnerability has been found in Tenda FH1201 1.2.0.14(408). Affected is the function sprintf of the file /goform/SetIpBind. Such manipulation of the argument page leads to stack-based buffer overflow. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.
Risk Information
cvss2
Base: 9.0
Severity: LOW
AV:N/AC:L/Au:S/C:C/I:C/A:C
cvss3
Base: 8.8
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss4
Base: 7.4
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
- https://github.com/z472421519/BinaryAudit/blob/main/PoC/BOF/Tenda_FH1201/SetIpBind/SetIpBind.md
- https://github.com/z472421519/BinaryAudit/blob/main/PoC/BOF/Tenda_FH1201/SetIpBind/SetIpBind.md#reproduce
- https://vuldb.com/?ctiid.337689
- https://vuldb.com/?id.337689
- https://vuldb.com/?submit.719154
- https://www.tenda.com.cn/
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=iab' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
