Comparison Overview

Match

VS

UKG

Match

8750 N Central Expy, Dallas, Texas, 75231, US
Last Update: 2025-03-04 (UTC)
Between 800 and 900
http://www.lifeatmatch.com

Strong

Match pioneered the concept of online dating when we launched in 1995. Today, we're part of Match Group - a family of dozens of brands like Tinder and Hinge that are creating new ways to meet people, make friends, and build relationships that are fundamental to happiness. Millions of singles have found a meaningful connection using our products! HQโ€™d in Dallas, with offices in LA & NYC, Match is made up of teams from coast to coast. For three years in a row, weโ€™ve been recognized by the Dallas Morning News as a Top 100 Place to Work in Dallas. In 2022, over 5,000 companies competed for a spot in the Top 100 - this puts Match in the top 2% of companies to work for in DFW.

NAICS: 5112
NAICS Definition: Software Publishers
Employees: 916
Subsidiaries: 11
12-month incidents
0
Known data breaches
0
Attack type number
2

UKG

None
Last Update: 2025-07-26 (UTC)

Strong

Between 800 and 900
https://www.ukg.com/

At UKG, our purpose is people. As strong believers in the power of culture and belonging as the secret to success, we champion great workplaces and build lifelong partnerships with our customers to show whatโ€™s possible when businesses invest in their people. One of the worldโ€™s leading HCM cloud companies today, UKG and our Life-work Technology approach to HR, pay, time, and culture solutions for all people helps 80,000 organizations around the globe and across every industry anticipate and adapt to their employeesโ€™ needs beyond just work. To learn more, visit ukg.com. UKG Social Media Guidelines available at https://www.ukg.com/ukg-social-media-guidelines.

NAICS: 5112
NAICS Definition: Software Publishers
Employees: 15,440
Subsidiaries: 0
12-month incidents
0
Known data breaches
1
Attack type number
2

Compliance Badges Comparison

Security & Compliance Standards Overview

https://images.rankiteo.com/companyimages/match-com.jpeg
Match
โ€”
ISO 27001
Not verified
โ€”
SOC 2
Not verified
โ€”
GDPR
No public badge
โ€”
PCI DSS
No public badge
https://images.rankiteo.com/companyimages/ukg.jpeg
UKG
โ€”
ISO 27001
Not verified
โ€”
SOC 2
Not verified
โ€”
GDPR
No public badge
โ€”
PCI DSS
No public badge
Compliance Summary
Match
100%
Compliance Rate
0/4 Standards Verified
UKG
0%
Compliance Rate
0/4 Standards Verified

Benchmark & Cyber Underwriting Signals

Incidents vs Software Development Industry Average (This Year)

No incidents recorded for Match in 2025.

Incidents vs Software Development Industry Average (This Year)

No incidents recorded for UKG in 2025.

Incident History โ€” Match (X = Date, Y = Severity)

Match cyber incidents detection timeline including parent company and subsidiaries

Incident History โ€” UKG (X = Date, Y = Severity)

UKG cyber incidents detection timeline including parent company and subsidiaries

Notable Incidents

Last 3 Security & Risk Events by Company

https://images.rankiteo.com/companyimages/match-com.jpeg
Match
Incidents

Date Detected: 02/2017
Type:Data Leak
Attack Vector: Cloudbleed Security Flaw
Blog: Blog

Date Detected: 08/2015
Type:Cyber Attack
Attack Vector: Malicious Advertisement
Blog: Blog
https://images.rankiteo.com/companyimages/ukg.jpeg
UKG
Incidents

Date Detected: 6/2023
Type:Breach
Blog: Blog

Date Detected: 12/2021
Type:Ransomware
Blog: Blog

FAQ

Both Match company and UKG company demonstrate a comparable AI risk posture, with strong governance and monitoring frameworks in place.

Match and UKG have experienced a similar number of publicly disclosed cyber incidents.

In the current year, UKG company and Match company have not reported any cyber incidents.

UKG company has confirmed experiencing a ransomware attack, while Match company has not reported such incidents publicly.

UKG company has disclosed at least one data breach, while Match company has not reported such incidents publicly.

Match company has reported targeted cyberattacks, while UKG company has not reported such incidents publicly.

Neither Match company nor UKG company has reported experiencing or disclosing vulnerabilities publicly.

Match company has more subsidiaries worldwide compared to UKG company.

UKG company employs more people globally than Match company, reflecting its scale as a Software Development.

Latest Global CVEs (Not Company-Specific)

Description

Mastra is a Typescript framework for building AI agents and assistants. Versions 0.13.8 through 0.13.20-alpha.0 are vulnerable to a Directory Traversal attack that results in the disclosure of directory listings. The code contains a security check to prevent path traversal for reading file contents, but this check is effectively bypassed by subsequent logic that attempts to find directory suggestions. An attacker can leverage this flaw to list the contents of arbitrary directories on the user's filesystem, including the user's home directory, exposing sensitive information about the file system's structure. This issue is fixed in version 0.13.20.

Published
Date
2025-10-03
Updated
Date
2025-10-03
Risk Information
cvss3
Base: 6.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
References
Description

KUNO CMS is a fully deployable full-stack blog application. Versions 1.3.13 and below contain validation flaws in its file upload functionality that can be exploited for stored XSS. The upload endpoint only validates file types based on Content-Type headers, lacks file content analysis and extension whitelist restrictions, allowing attackers to upload SVG files containing malicious scripts (disguised as images). When users access the uploaded resource pages, arbitrary JavaScript executes in their browsers. This issue is fixed in version 1.3.14.

Published
Date
2025-10-03
Updated
Date
2025-10-03
Risk Information
cvss3
Base: 5.4
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
References
Description

Minecraft RCON Terminal is a VS Code extension that streamlines Minecraft server management. Versions 0.1.0 through 2.0.6 stores passwords using VS Code's configuration API which writes to settings.json in plaintext. This issue is fixed in version 2.1.0.

Published
Date
2025-10-03
Updated
Date
2025-10-03
Risk Information
cvss4
Base: 6.6
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

Anyquery is an SQL query engine built on top of SQLite. Versions 0.4.3 and below allow attackers who have already gained access to localhost, even with low privileges, to use the http server through the port unauthenticated, and access private integration data like emails, without any warning of a foreign login from the provider. This issue is fixed in version 0.4.4.

Published
Date
2025-10-03
Updated
Date
2025-10-03
Risk Information
cvss3
Base: 7.7
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
References
Description

DataChain is a Python-based AI-data warehouse for transforming and analyzing unstructured data. Versions 0.34.1 and below allow for deseriaization of untrusted data because of the way the DataChain library reads serialized objects from environment variables (such as DATACHAIN__METASTORE and DATACHAIN__WAREHOUSE) in the loader.py module. An attacker with the ability to set these environment variables can trigger code execution when the application loads. This issue is fixed in version 0.34.2.

Published
Date
2025-10-03
Updated
Date
2025-10-03
Risk Information
cvss3
Base: 2.5
Severity: HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
References