Comparison Overview

LA Fitness

VS

Aetna, a CVS Health Company

LA Fitness

PO Box 55088, Irvine, California, 92619, US
Last Update: 2025-12-09
View Profile
Between 750 and 799
http://www.lafitness.com

LA Fitness is a privately owned fitness club chain. LA Fitness has hundreds of health clubs gyms and millions of members across US and Canada. In an industry often equated with fad and fashion, LA Fitness has steadily increased its presence by focusing on the one lifelong benefit valued by everyone: good health. Established in Southern California in 1984, LA Fitness continues to seek innovative ways to enhance the wellbeing of its members. Today, LA Fitness’ state-of-the-art clubs span the continent and continue to expand. LA Fitness’ strong and successful growth stems from its commitment to understanding and meeting the distinct needs of each community it serves. With a wide range of amenities and a highly trained staff, LA Fitness can provide fun and effective workout options to family members of all ages and interests. Website - http://www.lafitness.com Facebook - https://www.facebook.com/LAFitness Twitter - http://www.twitter.com/LAFitness Google+ - https://plus.google.com/+lafitness YouTube: http://www.youtube.com/lafitness

NAICS: 71394
NAICS Definition: Fitness and Recreational Sports Centers
Employees: 14,288
Subsidiaries: 0
12-month incidents
0
Known data breaches
0
Attack type number
0
View Profile

Aetna, a CVS Health Company

151 Farmington Avenue, Hartford, Connecticut, 06156, US
Last Update: 2025-12-09
Between 750 and 799
http://aetna.com

Here at Aetna, a CVS Health® company, we’re building a healthier world by making health care easy, affordable and all about you. Because Healthier Happens Together™! Follow our page for company news, industry commentary, jobs and more. Founded in 1853 in Hartford, CT, Aetna® is one of the nation's leading diversified health care benefits companies, serving an estimated 39 million people with information and resources to help them make better decisions about their health. As a health care leader, we believe that our corporate responsibility starts with helping people live healthier lives. And that means using our resources to make the communities and the world we live in better places. Diversity & Inclusion: Our focus on diversity and inclusion reflects the world around us. Having a diverse group of employees gives us a broader and deeper view of how to serve the people and businesses in our communities. As part of CVS Health, over 70% of our workforce is comprised of women. Join us as we transform the health care system. Our employees are the cornerstone of our mission to help people live healthier lives. Get to know us, why we're passionate about what we do and what makes Aetna a great place to work.

NAICS: 71394
NAICS Definition: Fitness and Recreational Sports Centers
Employees: 39,368
Subsidiaries: 11
12-month incidents
0
Known data breaches
3
Attack type number
2

Compliance Badges Comparison

Security & Compliance Standards Overview

https://images.rankiteo.com/companyimages/la-fitness.jpeg
LA Fitness
ISO 27001
ISO 27001 certification not verified
Not verified
SOC2 Type 1
SOC2 Type 1 certification not verified
Not verified
SOC2 Type 2
SOC2 Type 2 certification not verified
Not verified
GDPR
GDPR certification not verified
Not verified
PCI DSS
PCI DSS certification not verified
Not verified
HIPAA
HIPAA certification not verified
Not verified
https://images.rankiteo.com/companyimages/aetna.jpeg
Aetna, a CVS Health Company
ISO 27001
ISO 27001 certification not verified
Not verified
SOC2 Type 1
SOC2 Type 1 certification not verified
Not verified
SOC2 Type 2
SOC2 Type 2 certification not verified
Not verified
GDPR
GDPR certification not verified
Not verified
PCI DSS
PCI DSS certification not verified
Not verified
HIPAA
HIPAA certification not verified
Not verified
Compliance Summary
LA Fitness
100%
Compliance Rate
0/4 Standards Verified
Aetna, a CVS Health Company
0%
Compliance Rate
0/4 Standards Verified

Benchmark & Cyber Underwriting Signals

Incidents vs Wellness and Fitness Services Industry Average (This Year)

No incidents recorded for LA Fitness in 2025.

Incidents vs Wellness and Fitness Services Industry Average (This Year)

No incidents recorded for Aetna, a CVS Health Company in 2025.

Incident History — LA Fitness (X = Date, Y = Severity)

LA Fitness cyber incidents detection timeline including parent company and subsidiaries

Incident History — Aetna, a CVS Health Company (X = Date, Y = Severity)

Aetna, a CVS Health Company cyber incidents detection timeline including parent company and subsidiaries

Notable Incidents

Last 3 Security & Risk Events by Company

https://images.rankiteo.com/companyimages/la-fitness.jpeg
LA Fitness
Incidents

No Incident

https://images.rankiteo.com/companyimages/aetna.jpeg
Aetna, a CVS Health Company
Incidents

Date Detected: 11/2023
Type:Breach
Attack Vector: Human Error
Blog: Blog

Date Detected: 5/2023
Type:Breach
Blog: Blog

Date Detected: 1/2023
Type:Breach
Attack Vector: Internal System Breach
Blog: Blog

FAQ

LA Fitness company demonstrates a stronger AI Cybersecurity Score compared to Aetna, a CVS Health Company company, reflecting its advanced cybersecurity posture governance and monitoring frameworks.

Aetna, a CVS Health Company company has historically faced a number of disclosed cyber incidents, whereas LA Fitness company has not reported any.

In the current year, Aetna, a CVS Health Company company and LA Fitness company have not reported any cyber incidents.

Neither Aetna, a CVS Health Company company nor LA Fitness company has reported experiencing a ransomware attack publicly.

Aetna, a CVS Health Company company has disclosed at least one data breach, while LA Fitness company has not reported such incidents publicly.

Neither Aetna, a CVS Health Company company nor LA Fitness company has reported experiencing targeted cyberattacks publicly.

Neither LA Fitness company nor Aetna, a CVS Health Company company has reported experiencing or disclosing vulnerabilities publicly.

Neither LA Fitness nor Aetna, a CVS Health Company holds any compliance certifications.

Neither company holds any compliance certifications.

Aetna, a CVS Health Company company has more subsidiaries worldwide compared to LA Fitness company.

Aetna, a CVS Health Company company employs more people globally than LA Fitness company, reflecting its scale as a Wellness and Fitness Services.

Neither LA Fitness nor Aetna, a CVS Health Company holds SOC 2 Type 1 certification.

Neither LA Fitness nor Aetna, a CVS Health Company holds SOC 2 Type 2 certification.

Neither LA Fitness nor Aetna, a CVS Health Company holds ISO 27001 certification.

Neither LA Fitness nor Aetna, a CVS Health Company holds PCI DSS certification.

Neither LA Fitness nor Aetna, a CVS Health Company holds HIPAA certification.

Neither LA Fitness nor Aetna, a CVS Health Company holds GDPR certification.

Latest Global CVEs (Not Company-Specific)

Description

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Versions 3.5.4 and below contain a Stored Cross-Site Scripting (XSS) vulnerability in the /WeGIA/html/geral/configurar_senhas.php endpoint. The application does not sanitize user-controlled data before rendering it inside the employee selection dropdown. The application retrieves employee names from the database and injects them directly into HTML <option> elements without proper escaping. This issue is fixed in version 3.5.5.

Published
Date
2025-12-09
Updated
Date
2025-12-09
Risk Information
cvss3
Base: 4.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
References
Description

ZITADEL is an open-source identity infrastructure tool. Versions 4.0.0-rc.1 through 4.7.0 are vulnerable to DOM-Based XSS through the Zitadel V2 logout endpoint. The /logout endpoint insecurely routes to a value that is supplied in the post_logout_redirect GET parameter. As a result, unauthenticated remote attacker can execute malicious JS code on Zitadel users’ browsers. To carry out an attack, multiple user sessions need to be active in the same browser, however, account takeover is mitigated when using Multi-Factor Authentication (MFA) or Passwordless authentication. This issue is fixed in version 4.7.1.

Published
Date
2025-12-09
Updated
Date
2025-12-09
Risk Information
cvss3
Base: 8.0
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
References
Description

ZITADEL is an open-source identity infrastructure tool. Versions 4.7.0 and below are vulnerable to an unauthenticated, full-read SSRF vulnerability. The ZITADEL Login UI (V2) treats the x-zitadel-forward-host header as a trusted fallback for all deployments, including self-hosted instances. This allows an unauthenticated attacker to force the server to make HTTP requests to arbitrary domains, such as internal addresses, and read the responses, enabling data exfiltration and bypassing network-segmentation controls. This issue is fixed in version 4.7.1.

Published
Date
2025-12-09
Updated
Date
2025-12-09
Risk Information
cvss3
Base: 9.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
References
Description

NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are vulnerable to directory traversal through the App.add_media_files() function, which allows a remote attacker to read arbitrary files on the server filesystem. This issue is fixed in version 3.4.0.

Published
Date
2025-12-09
Updated
Date
2025-12-09
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
References
Description

FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions are vulnerable to authentication bypass when the authentication type is set to "webserver." When providing an Authorization header with an arbitrary value, a session is associated with the target user regardless of valid credentials. This issue is fixed in versions 16.0.44 and 17.0.23.

Published
Date
2025-12-09
Updated
Date
2025-12-09
Risk Information
cvss4
Base: 9.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References