Comparison Overview

Mauna Kea Resort

VS

TUI

Mauna Kea Resort

62-100 Mauna Kea Beach Dr. Kohala Coast, Hawaii 96743, US
Last Update: 2025-05-05 (UTC)
Between 800 and 900
http://www.maunakearesort.com

Strong

Mauna Kea Resort encompasses both Mauna Kea Beach Hotel and Hapuna Beach Prince Hotel. These iconic hotel's share 1,839 acres of oceanfront paradise along the sunny Kohala Coast of Hawaii's Big Island. Laurance S. Rockefeller, who founded The Mauna Kea Beach Hotel in 1965 knew the great beach at Kauna'oa bay also deserved spectacular golf and exceptional dining to accompany the most exclusive and expensive resort of its day. Four decades later, following a $150 million repair and renovation, The Mauna Kea once again stands as a landmark of luxury. The second phase in Rockefeller's creation of Mauna Kea Resort, the Hapuna Beach Prince Hotel was created in 1994. This hotel is perfectly nestled into the bluffs above the #1-rated Hapuna Beach. It presents a flowing, contemporary Hawaiian style where guests on vacation experience the true essence of rejuvenation. With a timeless tradition of aloha, Mauna Kea Resort welcomes generations of guests to come and be inspired by the past, embraced by the moment, enchanted by the warm days and exciting possibilities ahead. Show more Show less

NAICS: 7211
NAICS Definition: Traveler Accommodation
Employees: 501-1,000
Subsidiaries: 0
12-month incidents
0
Known data breaches
0
Attack type number
0

TUI

Karl-Wiechert Allee 23, Hannover, Lower Saxony, 30625, DE
Last Update: 2025-03-05 (UTC)

Strong

Between 800 and 900
http://www.tuigroup.com

Weโ€™re adventure seekers. Smile givers. Impact makers. We believe in the power of travel. It broadens horizons for our customers, and for our people too. New places to live, new roles to explore, new communities to join. Itโ€™s yours for the taking. Weโ€™re TUI, a leading global travel and leisure experience company that makes holiday dreams come true for people around the world. We are one of the worldโ€™s leading tourism groups counting 1200 travel agencies and online portals, five airlines with around 130 aircraft, over 400 hotels, 16 cruise liners, digital platforms for tours and activities and most importantly over 60 000 colleagues around the world. What unites us is creating moments that enrich the lives of our 21 million customers. Beside the unforgettable experience we provide our customers, we also believe in the good that tourism can bring and we care deeply about our environmental impact. The TUI Care foundation has projects in over 30 countries worldwide, building on the potential of tourism as a global force for development. The Foundation opens up new perspectives through education and training, empowers local communities to benefit from the success of tourism and engages in the protection of nature and the environment. At TUI we simply say โ€œLetโ€™s TUI itโ€. For us, that means creating happiness. Tackling challenges every day together, with a positive, can-do attitude, and finding solutions even for the most unexpected situations. Our teams across TUI are just as diverse as our destinations. So whether you have lots of experience or none at all. If you want to work in an office or feel best in the field. No matter if youโ€™re an accomplished tech whizz, an aspiring entertainer, or simply in love with flying. Thereโ€™s a place for you here.

NAICS: 7211
NAICS Definition: Traveler Accommodation
Employees: 32,836
Subsidiaries: 7
12-month incidents
0
Known data breaches
0
Attack type number
0

Compliance Badges Comparison

Security & Compliance Standards Overview

https://images.rankiteo.com/companyimages/defaultcompany.jpeg
Mauna Kea Resort
โ€”
ISO 27001
Not verified
โ€”
SOC 2
Not verified
โ€”
GDPR
No public badge
โ€”
PCI DSS
No public badge
https://images.rankiteo.com/companyimages/tuigroup.jpeg
TUI
โ€”
ISO 27001
Not verified
โ€”
SOC 2
Not verified
โ€”
GDPR
No public badge
โ€”
PCI DSS
No public badge
Compliance Summary
Mauna Kea Resort
100%
Compliance Rate
0/4 Standards Verified
TUI
0%
Compliance Rate
0/4 Standards Verified

Benchmark & Cyber Underwriting Signals

Incidents vs Hospitality Industry Average (This Year)

No incidents recorded for Mauna Kea Resort in 2025.

Incidents vs Hospitality Industry Average (This Year)

No incidents recorded for TUI in 2025.

Incident History โ€” Mauna Kea Resort (X = Date, Y = Severity)

Mauna Kea Resort cyber incidents detection timeline including parent company and subsidiaries

Incident History โ€” TUI (X = Date, Y = Severity)

TUI cyber incidents detection timeline including parent company and subsidiaries

Notable Incidents

Last 3 Security & Risk Events by Company

https://images.rankiteo.com/companyimages/defaultcompany.jpeg
Mauna Kea Resort
Incidents

No Incident

https://images.rankiteo.com/companyimages/tuigroup.jpeg
TUI
Incidents

No Incident

FAQ

Both Mauna Kea Resort company and TUI company demonstrate a comparable AI risk posture, with strong governance and monitoring frameworks in place.

Historically, TUI company has disclosed a higher number of cyber incidents compared to Mauna Kea Resort company.

In the current year, TUI company and Mauna Kea Resort company have not reported any cyber incidents.

Neither TUI company nor Mauna Kea Resort company has reported experiencing a ransomware attack publicly.

Neither TUI company nor Mauna Kea Resort company has reported experiencing a data breach publicly.

Neither TUI company nor Mauna Kea Resort company has reported experiencing targeted cyberattacks publicly.

Neither Mauna Kea Resort company nor TUI company has reported experiencing or disclosing vulnerabilities publicly.

TUI company has more subsidiaries worldwide compared to Mauna Kea Resort company.

TUI company employs more people globally than Mauna Kea Resort company, reflecting its scale as a Hospitality.

Latest Global CVEs (Not Company-Specific)

Description

Better Auth is an authentication and authorization library for TypeScript. In versions prior to 1.3.26, unauthenticated attackers can create or modify API keys for any user by passing that user's id in the request body to the `api/auth/api-key/create` route. `session?.user ?? (authRequired ? null : { id: ctx.body.userId })`. When no session exists but `userId` is present in the request body, `authRequired` becomes false and the user object is set to the attacker-controlled ID. Server-only field validation only executes when `authRequired` is true (lines 280-295), allowing attackers to set privileged fields. No additional authentication occurs before the database operation, so the malicious payload is accepted. The same pattern exists in the update endpoint. This is a critical authentication bypass enabling full an unauthenticated attacker can generate an API key for any user and immediately gain complete authenticated access. This allows the attacker to perform any action as the victim user using the api key, potentially compromise the user data and the application depending on the victim's privileges. Version 1.3.26 contains a patch for the issue.

Published
Date
2025-10-09
Updated
Date
2025-10-09
Risk Information
cvss4
Base: 9.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

Allstar is a GitHub App to set and enforce security policies. In versions prior to 4.5, a vulnerability in Allstarโ€™s Reviewbot component caused inbound webhook requests to be validated against a hard-coded, shared secret. The value used for the secret token was compiled into the Allstar binary and could not be configured at runtime. In practice, this meant that every deployment using Reviewbot would validate requests with the same secret unless the operator modified source code and rebuilt the component - an expectation that is not documented and is easy to miss. All Allstar releases prior to v4.5 that include the Reviewbot code path are affected. Deployments on v4.5 and later are not affected. Those who have not enabled or exposed the Reviewbot endpoint are not exposed to this issue.

Published
Date
2025-10-09
Updated
Date
2025-10-09
Risk Information
cvss4
Base: 4.6
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

Multiple cross-site scripting (XSS) vulnerabilities with Calendar events in Liferay Portal 7.4.3.35 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.7, 7.4 update 35 through update 92, and 7.3 update 25 through update 36 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a userโ€™s (1) First Name, (2) Middle Name or (3) Last Name text field.

Published
Date
2025-10-09
Updated
Date
2025-10-09
Risk Information
cvss4
Base: 4.8
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

Python Social Auth is a social authentication/registration mechanism. In versions prior to 5.6.0, upon authentication, the user could be associated by e-mail even if the `associate_by_email` pipeline was not included. This could lead to account compromise when a third-party authentication service does not validate provided e-mail addresses or doesn't require unique e-mail addresses. Version 5.6.0 contains a patch. As a workaround, review the authentication service policy on e-mail addresses; many will not allow exploiting this vulnerability.

Published
Date
2025-10-09
Updated
Date
2025-10-09
Risk Information
cvss4
Base: 6.3
Severity: HIGH
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

Confidential Containers's Trustee project contains tools and components for attesting confidential guests and providing secrets to them. In versions prior to 0.15.0, the attestation-policy endpoint didn't check if the kbs-client submitting the request was actually authenticated (had the right key). This allowed any kbs-client to actually change the attestation policy. Version 0.15.0 fixes the issue.

Published
Date
2025-10-09
Updated
Date
2025-10-09
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References