JB
Company Details
Linkedin ID:
jack-in-the-box
Website:
Employees number:
23,896
Number of followers:
60,599
NAICS:
7225
Industry Type:
Homepage:
jackinthebox.com
IP Addresses:
0
Company ID:
JAC_2639920
Scan Status:
In-progress
Jack in the Box Company CyberSecurity Posture
jackinthebox.com
Jack in the Box has always been the place for those who live outside the box. Where you can try new things and order what you want when you want it. Now, let’s get to the facts! Did you know Jack in the Box was founded on February 21, 1951, by a businessman named Robert O. Peterson in San Diego, California? Yeah, you probably did. Did you know Jack in the Box pioneered a number of firsts in the quick-serve industry, including menu items that are now staples on most fast-food menu boards, like the breakfast sandwich and portable salads. Sure. Did you know Jack in the Box has over 2000 locations? Everyone knows that. Whatever the reason you came to Jack in the Box's LinkedIn page...welcome, we’re happy to have you here.
Jack in the Box A.I CyberSecurity Scoring
JB Risk Score (AI oriented)Between 750 and 799
JB
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
JB Global Score (TPRM)XXXX
JB
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
JB Company CyberSecurity News & History
Past Incidents
1
Attack Types
1
Del Taco LLC
Breach
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: On February 21, 2019, the California Office of the Attorney General reported a data breach involving Del Taco LLC. The incident on January 28, 2019, involved a phishing scheme that potentially exposed employee names and social security numbers, though the total number of affected individuals is unknown.
JB Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for JB
Incidents vs Restaurants Industry Average (This Year)
No incidents recorded for Jack in the Box in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Jack in the Box in 2025.
Incident Types JB vs Restaurants Industry Avg (This Year)
No incidents recorded for Jack in the Box in 2025.
Incident History — JB (X = Date, Y = Severity)
JB cyber incidents detection timeline including parent company and subsidiaries
JB Company Subsidiaries
Jack in the Box has always been the place for those who live outside the box. Where you can try new things and order what you want when you want it. Now, let’s get to the facts! Did you know Jack in the Box was founded on February 21, 1951, by a businessman named Robert O. Peterson in San Diego, California? Yeah, you probably did. Did you know Jack in the Box pioneered a number of firsts in the quick-serve industry, including menu items that are now staples on most fast-food menu boards, like the breakfast sandwich and portable salads. Sure. Did you know Jack in the Box has over 2000 locations? Everyone knows that. Whatever the reason you came to Jack in the Box's LinkedIn page...welcome, we’re happy to have you here.
Loading...
JB Similar Companies
Arby's
Arby’s, founded in 1964, is the second-largest sandwich restaurant brand in the world with more than 3,400 restaurants in seven countries. Arby’s is part of the Inspire Brands family of restaurants. For more information, visit Arbys.com and InspireBrands.com With the current growth and momentum of
Panda Restaurant Group
Panda Restaurant Group, the world leader in Asian dining experiences and parent company of Panda Express, Panda Inn, and Hibachi-San, is dedicated to becoming a world leader in people development. We are family-owned and operated with over 2,500 locations worldwide and more than 48,000 associates.
Subway
Subway is one of the world's largest quick service restaurant brands, serving freshly made-to-order sandwiches, wraps, salads and bowls to millions of guests, across over 100 countries in more than 37,000 restaurants every day. Subway restaurants are owned and operated by Subway franchisees – a ne
Taco Bell was born and raised in California and has been around since 1962. We went from selling everyone’s favorite Crunchy Tacos on the West Coast to a global brand with 8,200+ restaurants, 350 franchise organizations, that serve 42+ million fans each week around the globe. We’re not only the larg
Bloomin' Brands, Inc.
Since the first Outback Steakhouse opened, our family of brands has expanded to include Carrabba's Italian Grill, Bonefish Grill, and Fleming's Prime Steakhouse & Wine Bar. Together, these unique, Founder-inspired restaurants make up Bloomin' Brands, Inc. Today, we are one of the world's largest cas
KFC
We’re KFC. The iconic, brand making world-famous finger lickin’ good fried chicken since 1952. Our unrivaled people and culture are the true heart and soul of our brand. It’s where our people promise comes to life every day. Where our employees can be their best selves, make a difference, and have f
Dallas-based Brinker International, Inc. is one of the world’s leading casual dining restaurant companies. Founded in 1975, Brinker owns, operates or franchises more than 1,600 restaurants across 31 countries and two territories under the names Chili’s® Grill & Bar and Maggiano’s Little Italy®. O
Domino's
Domino’s is a purpose-inspired, performance-driven company powered by exceptional people who are committed to feeding the power of possible—one pizza at a time. Founded in 1960 with a single store in Ypsilanti, Michigan, Domino’s has grown into one of the most recognized and leading pizza brands in
Chili's
Chili's opened as a fun Dallas burger joint with a loyalty to happy hour and blue jeans. We prided ourselves on our humble beginnings, following a devotion to great food, warm hospitality and community spirit. Today, with restaurants all over the world, we continue to cook up the best in casual fare
.png)
JB CyberSecurity News
November 21, 2025 08:43 PM
Jack in the Box maintains IT spend despite sliding sales
The fast food chain pushed ahead with tech investments while experiencing its worst sales results in years during consecutive quarters.
November 18, 2025 08:00 AM
The Complete List of Hacker And Cybersecurity Movies
Hacker's Movie Guide” with Foreword by Steve Wozniak, co-founder of Apple.
November 06, 2025 08:00 AM
Value Just Got So Munch Better: Jack in the Box Launches New Munch Better Deals Lineup
Jack's New Munch Better Deals delivers crave-worthy meal options for every appetite and budget, all starting at $7 Jack in the Box (NASDAQ:...
September 30, 2025 07:00 AM
Jack in the Box Unleashes DealQuest: Revenge of the Munchies
A First-of-its-Kind, AI-Powered Adventure Serving Up Craveable Deals and Epic Prizes This Halloween Players, beware: the Munchies are on the...
September 18, 2025 07:00 AM
This Halloween Get Monster-Sized Munchies All Season Long at Jack in the Box
Jack in the Box Drops Monster Munchie Meal for Halloween Featuring Iconic Jumbo-Sized Fan-Favorites Plus a Limited Edition Halloween Cup...
September 12, 2025 07:00 AM
Jack in the Box Is Serving $5 Smashed Jacks All Week Long
Seven days of $5 Smashed Jacks. Two bonus days of free burgers. Burger Week is officially stacked. Jack in the Box (NASDAQ: JACK) is making...
July 24, 2025 07:00 AM
The Fans Have Spoken: Jack in the Box Partners with Coca-Cola to Bring Limited Edition Starlight Drink Back to Earth
The space-flavored beverage that captured fans' imaginations in 2022 lands for a limited time only at Jack in the Box Jack in the Box Inc.
July 23, 2025 07:00 AM
Jack in the Box Launches Texas Double Jack Promotion to Support Flood Relief Efforts Across the State
Texas Jack in the Box Franchisees Unite to Give Back to Flood-Affected Communities In the wake of the devastating floods impacting Texas...
June 04, 2025 07:00 AM
Jack Byrd Guides Solaren’s Approach to Modern Security Challenges
Jack Byrd III, CEO of Nashville-based Solaren Risk Management, has developed a tactic that balances traditional security expertise with technological...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
JB CyberSecurity History Information
Official Website of Jack in the Box
The official website of Jack in the Box is http://www.jackinthebox.com.
Jack in the Box’s AI-Generated Cybersecurity Score
According to Rankiteo, Jack in the Box’s AI-generated cybersecurity score is 760, reflecting their Fair security posture.
How many security badges does Jack in the Box’ have ?
According to Rankiteo, Jack in the Box currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Jack in the Box have SOC 2 Type 1 certification ?
According to Rankiteo, Jack in the Box is not certified under SOC 2 Type 1.
Does Jack in the Box have SOC 2 Type 2 certification ?
According to Rankiteo, Jack in the Box does not hold a SOC 2 Type 2 certification.
Does Jack in the Box comply with GDPR ?
According to Rankiteo, Jack in the Box is not listed as GDPR compliant.
Does Jack in the Box have PCI DSS certification ?
According to Rankiteo, Jack in the Box does not currently maintain PCI DSS compliance.
Does Jack in the Box comply with HIPAA ?
According to Rankiteo, Jack in the Box is not compliant with HIPAA regulations.
Does Jack in the Box have ISO 27001 certification ?
According to Rankiteo,Jack in the Box is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Jack in the Box
Jack in the Box operates primarily in the Restaurants industry.
Number of Employees at Jack in the Box
Jack in the Box employs approximately 23,896 people worldwide.
Subsidiaries Owned by Jack in the Box
Jack in the Box presently has no subsidiaries across any sectors.
Jack in the Box’s LinkedIn Followers
Jack in the Box’s official LinkedIn profile has approximately 60,599 followers.
NAICS Classification of Jack in the Box
Jack in the Box is classified under the NAICS code 7225, which corresponds to Restaurants and Other Eating Places.
Jack in the Box’s Presence on Crunchbase
Yes, Jack in the Box has an official profile on Crunchbase, which can be accessed here: https://www.crunchbase.com/organization/jack-in-the-box.
Jack in the Box’s Presence on LinkedIn
Yes, Jack in the Box maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/jack-in-the-box.
Cybersecurity Incidents Involving Jack in the Box
As of November 27, 2025, Rankiteo reports that Jack in the Box has experienced 1 cybersecurity incidents.
Number of Peer and Competitor Companies
Jack in the Box has an estimated 4,808 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Jack in the Box ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
Incident Details
Can you provide details on each incident ?
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach DEL323072525
Data Compromised: Employee names, Social security numbers
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Employee Names, Social Security Numbers and .
Which entities were affected by each incident ?
Incident : Data Breach DEL323072525
Entity Name: Del Taco LLC
Entity Type: Company
Industry: Food and Beverage
Location: California
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach DEL323072525
Type of Data Compromised: Employee names, Social security numbers
Sensitivity of Data: High
References
Where can I find more information about each incident ?
Incident : Data Breach DEL323072525
Source: California Office of the Attorney General
Date Accessed: 2019-02-21
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: California Office of the Attorney GeneralDate Accessed: 2019-02-21.
Additional Questions
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2019-01-28.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2019-02-21.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Employee names, Social security numbers and .
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Employee names and Social security numbers.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident is California Office of the Attorney General.
.png)
Latest Global CVEs (Not Company-Specific)
Description
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.
Risk Information
cvss4
Base: 7.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
- https://github.com/angular/angular/commit/0276479e7d0e280e0f8d26fa567d3b7aa97a516f
- https://github.com/angular/angular/commit/05fe6686a97fa0bcd3cf157805b3612033f975bc
- https://github.com/angular/angular/commit/3240d856d942727372a705252f7c8c115394a41e
- https://github.com/angular/angular/releases/tag/19.2.16
- https://github.com/angular/angular/releases/tag/20.3.14
- https://github.com/angular/angular/releases/tag/21.0.1
- https://github.com/angular/angular/security/advisories/GHSA-58c5-g7wp-6w37
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 6.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=jack-in-the-box' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
