MGA
Company Details
Linkedin ID:
mercedes-benz-group-ag
Website:
Employees number:
2,032
Number of followers:
0
NAICS:
3361
Industry Type:
Homepage:
mercedes-benz.com
IP Addresses:
0
Company ID:
MER_2302787
Scan Status:
In-progress
Mercedes-Benz Group AG Company CyberSecurity Posture
mercedes-benz.com
Learn more about Mercedes-Benz, its products, innovations and our world! Data privacy: mb4.me/provider Imprint: Mercedes-Benz AG Mercedesstraße 120 D-70372 Stuttgart Deutschland Tel.: +49 7 11 17-0 E-Mail: [email protected] Vertreten durch den Vorstand: Ola Källenius (Vorsitzender), Jörg Burzer, Renata Jungo Brüngger, Sabine Kohleisen, Harald Wilhelm, Markus Schäfer, Britta Seeger Vorsitzender des Aufsichtsrats: Bernd Pischetsrieder Handelsregister beim Amtsgericht Stuttgart, Nr. HRB 762873 Umsatzsteueridentifikationsnummer: DE321281763
Mercedes-Benz Group AG A.I CyberSecurity Scoring
MGA Risk Score (AI oriented)Between 800 and 849
MGA
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
MGA Global Score (TPRM)XXXX
MGA
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
MGA Company CyberSecurity News & History
Past Incidents
2
Attack Types
2
Mercedes-Benz: Mercedes Reaches $120 Million Settlement with US States Over Emissions Scandal
Vulnerability
Rankiteo Explanation
Attack limited on finance or reputation
Description: **Mercedes-Benz Settles U.S. Diesel Emissions Claims for $120 Million** Mercedes-Benz has agreed to a $120 million settlement with multiple U.S. states to resolve civil claims tied to emissions-rigging software in its BlueTEC diesel vehicles. The German automaker, which once marketed these models as "the world’s cleanest and most advanced diesel," reached the deal to address environmental and consumer protection violations stemming from the Dieselgate scandal. Under the agreement, announced on Monday, Mercedes-Benz will continue a retrofit program to update affected vehicles with approved emissions software, incurring additional costs expected to reach tens of millions of dollars. The company stated that the settlement will not impact its bottom-line earnings, as provisions for the costs had already been accounted for. The resolution closes the remaining U.S. legal proceedings against Mercedes-Benz related to the emissions scandal, which previously ensnared other automakers, including Volkswagen. The case highlights ongoing regulatory scrutiny of diesel vehicle compliance in the automotive industry.
Mercedes-Benz AG
Data Leak
Rankiteo Explanation
Attack without any consequences
Description: Owners of Mercedes-Benz vehicles have reported that the app they used to remotely find, unlock, and start their vehicles displayed information on other people's accounts and vehicles. Customers claimed that the Mercedes-Benz linked car app was accessing data from accounts other than their own and displaying names, recent activity, phone numbers, and other information for other car owners. The alleged security breach occurred late on Friday, and a few hours later the app was taken offline for site maintenance. The information shown was cached information; there was no real-time access to the account, no financial information could be viewed, and there was no way to interact with or locate the car connected to the account.
MGA Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for MGA
Incidents vs Motor Vehicle Manufacturing Industry Average (This Year)
Mercedes-Benz Group AG has 44.93% more incidents than the average of same-industry companies with at least one recorded incident.
Incidents vs All-Companies Average (This Year)
Mercedes-Benz Group AG has 28.21% more incidents than the average of all companies with at least one recorded incident.
Incident Types MGA vs Motor Vehicle Manufacturing Industry Avg (This Year)
Mercedes-Benz Group AG reported 1 incidents this year: 0 cyber attacks, 0 ransomware, 1 vulnerabilities, 0 data breaches, compared to industry peers with at least 1 incident.
Incident History — MGA (X = Date, Y = Severity)
MGA cyber incidents detection timeline including parent company and subsidiaries
MGA Company Subsidiaries
Learn more about Mercedes-Benz, its products, innovations and our world! Data privacy: mb4.me/provider Imprint: Mercedes-Benz AG Mercedesstraße 120 D-70372 Stuttgart Deutschland Tel.: +49 7 11 17-0 E-Mail: [email protected] Vertreten durch den Vorstand: Ola Källenius (Vorsitzender), Jörg Burzer, Renata Jungo Brüngger, Sabine Kohleisen, Harald Wilhelm, Markus Schäfer, Britta Seeger Vorsitzender des Aufsichtsrats: Bernd Pischetsrieder Handelsregister beim Amtsgericht Stuttgart, Nr. HRB 762873 Umsatzsteueridentifikationsnummer: DE321281763
Loading...
MGA Similar Companies
PT Astra Honda Motor
PT Astra Honda Motor (AHM) is a manufacturing company which produces motorcyle of Honda brand. A collaboration of strong Astra Management System and Honda high technology makes AHM the leading company in motorcycle market in indonesia. Now PT. Astra Honda Motor becoming Indonesia leading company in
Lear Corporation
Lear, a global automotive technology leader in Seating and E-Systems, enables superior in-vehicle experiences for consumers around the world. Our diverse team of talented employees in 37 countries is driven by a commitment to innovation, operational excellence, and sustainability. Lear is Making eve
Royal Enfield
The oldest motorcycle brand in continuous production, Royal Enfield made its first motorcycle in 1901. A division of Eicher Motors Limited, Royal Enfield has created the mid-sized motorcycle segment in India with its unique and distinctive modern classic bikes. Royal Enfield operates in 60+ countr
With its four brands BMW, MINI, Rolls-Royce and BMW Motorrad, the BMW Group is the world’s leading pre-mium manufacturer of automobiles and motorcycles and also provides premium financial services. The BMW Group production network comprises over 30 production sites worldwide; the company has a globa
Continental
Continental develops pioneering technologies and services for sustainable and connected mobility of people and their goods. Founded in 1871, the technology company offers safe, efficient, intelligent and affordable solutions for vehicles, machines, traffic and transportation. In 2023, Continental ge
Driven by our Core Values and our winning mindset, we’re relentless in our pursuit to become the most trusted partner and best manufacturer and distributer to the transportation industry. Our employees are the changemakers of this ambition, bringing drive, passion and dedication to everything we d
Sumitomo Electric Bordnetze SE
Sumitomo Electric Bordnetze SE (SEBN) is a global automotive supplier with over 36,000 employees in 13 countries. SEBN is part of the Japanese group Sumitomo Electric Industries, which has 380 subsidiaries in various industries worldwide. The more than 400-year-old Sumitomo Electric Group employs 28
PACCAR
PACCAR is a global technology leader in the design, manufacture and customer support of premium light-, medium- and heavy-duty trucks under the Kenworth, Peterbilt and DAF nameplates. PACCAR also designs and manufactures advanced diesel engines, provides financial services, information technology, a
Marelli is a global, independent technology partner to the automotive industry, with a strong and established track record in innovation and manufacturing excellence. As mobility is evolving fast and global trends drive unprecedented innovation, we leverage our expertise in integrating software and
.png)
MGA CyberSecurity News
December 22, 2025 10:02 AM
Mercedes-Benz Group AG: Release of a capital market information
EQS Post-admission Duties announcement: Mercedes-Benz Group AG / Disclosure according to Art. 5 para. 1, para 3 of Regulation No.
November 20, 2025 08:00 AM
Kurtz Becomes Co-Owner of Mercedes-AMG F1 Team
George Kurtz has become a minority owner of the Mercedes-AMG Formula 1 team, with the CrowdStrike co-founder and CEO personally purchasing a...
November 20, 2025 08:00 AM
George Kurtz Becomes Co-Owner of Mercedes-AMG PETRONAS F1 Team Through Minority Acquisition in Toto Wolff Ownership Entity, Appointed Technology Advisor
The Mercedes-AMG PETRONAS F1 Team and George Kurtz, CEO and Founder of CrowdStrike, today announced that Kurtz has become a co-owner of the...
November 20, 2025 08:00 AM
F1: Crowdstrike Co-Founder George Kurtz Buys Toto Wolff's Stake in Mercedes' F1 Team
George Kurtz has brought Toto Wolff's 15% stake in Mercedes' Formula 1 team however the Austrian's role in the team will be unchanged.
November 19, 2025 08:00 AM
George Kurtz Appointed Technology Advisor and Joins the Team’s Long-Term Ownership Group
Business innovator and 24 Hours of Le Mans winner invests in the future of the Mercedes-AMG PETRONAS F1 Team.
November 12, 2025 08:00 AM
Mercedes F1’s Wolff in Talks to Sell Stake at $6 Billion Value
Mercedes Formula One Chief Executive Officer Toto Wolff is in talks to sell some of his stake in a deal that could value the team at a...
November 05, 2025 08:00 AM
Mercedes-Benz boosts efficiency with Celonis process intelligence
Mercedes-Benz enhances manufacturing efficiency and on-time delivery by integrating Celonis Process Intelligence across its global...
October 30, 2025 07:00 AM
Mercedes-Benz Group AG (MBGAF) Q3 2025 Earnings Call Highlights: Navigating Challenges with ...
Despite market headwinds, Mercedes-Benz Group AG (MBGAF) focuses on innovation and shareholder returns with a new share buyback program and...
October 29, 2025 07:00 AM
Mercedes CEO seeks 'animal' spirit in ferocious China, US markets
German luxury carmaker Mercedes-Benz said carmakers must adapt like "animals" to survive in the fierce global auto market, where price wars...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
MGA CyberSecurity History Information
Official Website of Mercedes-Benz Group AG
The official website of Mercedes-Benz Group AG is http://www.mercedes-benz.com/.
Mercedes-Benz Group AG’s AI-Generated Cybersecurity Score
According to Rankiteo, Mercedes-Benz Group AG’s AI-generated cybersecurity score is 835, reflecting their Good security posture.
How many security badges does Mercedes-Benz Group AG’ have ?
According to Rankiteo, Mercedes-Benz Group AG currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Mercedes-Benz Group AG have SOC 2 Type 1 certification ?
According to Rankiteo, Mercedes-Benz Group AG is not certified under SOC 2 Type 1.
Does Mercedes-Benz Group AG have SOC 2 Type 2 certification ?
According to Rankiteo, Mercedes-Benz Group AG does not hold a SOC 2 Type 2 certification.
Does Mercedes-Benz Group AG comply with GDPR ?
According to Rankiteo, Mercedes-Benz Group AG is not listed as GDPR compliant.
Does Mercedes-Benz Group AG have PCI DSS certification ?
According to Rankiteo, Mercedes-Benz Group AG does not currently maintain PCI DSS compliance.
Does Mercedes-Benz Group AG comply with HIPAA ?
According to Rankiteo, Mercedes-Benz Group AG is not compliant with HIPAA regulations.
Does Mercedes-Benz Group AG have ISO 27001 certification ?
According to Rankiteo,Mercedes-Benz Group AG is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Mercedes-Benz Group AG
Mercedes-Benz Group AG operates primarily in the Motor Vehicle Manufacturing industry.
Number of Employees at Mercedes-Benz Group AG
Mercedes-Benz Group AG employs approximately 2,032 people worldwide.
Subsidiaries Owned by Mercedes-Benz Group AG
Mercedes-Benz Group AG presently has no subsidiaries across any sectors.
Mercedes-Benz Group AG’s LinkedIn Followers
Mercedes-Benz Group AG’s official LinkedIn profile has approximately 0 followers.
NAICS Classification of Mercedes-Benz Group AG
Mercedes-Benz Group AG is classified under the NAICS code 3361, which corresponds to Motor Vehicle Manufacturing.
Mercedes-Benz Group AG’s Presence on Crunchbase
No, Mercedes-Benz Group AG does not have a profile on Crunchbase.
Mercedes-Benz Group AG’s Presence on LinkedIn
Yes, Mercedes-Benz Group AG maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/mercedes-benz-group-ag.
Cybersecurity Incidents Involving Mercedes-Benz Group AG
As of December 23, 2025, Rankiteo reports that Mercedes-Benz Group AG has experienced 2 cybersecurity incidents.
Number of Peer and Competitor Companies
Mercedes-Benz Group AG has an estimated 12,717 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Mercedes-Benz Group AG ?
Incident Types: The types of cybersecurity incidents that have occurred include Data Leak and Vulnerability.
What was the total financial impact of these incidents on Mercedes-Benz Group AG ?
Total Financial Loss: The total financial loss from these incidents is estimated to be $120 million.
How does Mercedes-Benz Group AG detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an containment measures with app taken offline for site maintenance, and remediation measures with retrofit program for affected vehicles with approved emissions software..
Incident Details
Can you provide details on each incident ?
Title: Mercedes-Benz Linked Car App Data Breach
Description: Owners of Mercedes-Benz vehicles have reported that the app they used to remotely find, unlock, and start their vehicles displayed information on other people's accounts and vehicles.
Date Detected: Late on Friday
Type: Data Breach
Attack Vector: Application Vulnerability
Title: Mercedes-Benz Emissions-Rigging Software Settlement
Description: Mercedes-Benz agreed to pay $120 million to multiple U.S. states to resolve civil environmental and consumer protection claims related to emissions-rigging software in its BlueTEC vehicles, which were marketed as 'the world’s cleanest and most advanced diesel.' The settlement includes a retrofit program for affected vehicles with approved emissions software.
Date Publicly Disclosed: 2023-10-02
Type: Regulatory Violation
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Vulnerability.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach MER71318423
Data Compromised: Names, Recent activity, Phone numbers
Systems Affected: Mercedes-Benz Linked Car App
Downtime: App taken offline for site maintenance
Incident : Regulatory Violation MER1766433596
Financial Loss: $120 million
Systems Affected: Vehicle emissions software
Operational Impact: Retrofit program for affected vehicles
Brand Reputation Impact: Yes
Legal Liabilities: Civil environmental and consumer protection claims
What is the average financial loss per incident ?
Average Financial Loss: The average financial loss per incident is $60.00 million.
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Names, Recent Activity, Phone Numbers and .
Which entities were affected by each incident ?
Incident : Data Breach MER71318423
Entity Name: Mercedes-Benz
Entity Type: Company
Industry: Automotive
Incident : Regulatory Violation MER1766433596
Entity Name: Mercedes-Benz
Entity Type: Corporation
Industry: Automotive
Location: Germany
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach MER71318423
Containment Measures: App taken offline for site maintenance
Incident : Regulatory Violation MER1766433596
Remediation Measures: Retrofit program for affected vehicles with approved emissions software
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach MER71318423
Type of Data Compromised: Names, Recent activity, Phone numbers
Personally Identifiable Information: NamesPhone Numbers
What measures does the company take to prevent data exfiltration ?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Retrofit program for affected vehicles with approved emissions software.
How does the company handle incidents involving personally identifiable information (PII) ?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by app taken offline for site maintenance.
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : Regulatory Violation MER1766433596
Regulations Violated: Environmental regulations, Consumer protection laws,
Fines Imposed: $120 million
Legal Actions: Civil claims resolved
How does the company ensure compliance with regulatory requirements ?
Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through Civil claims resolved.
References
Where can I find more information about each incident ?
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: ReutersDate Accessed: 2023-10-02.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Regulatory Violation MER1766433596
Investigation Status: Resolved
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Regulatory Violation MER1766433596
Root Causes: Emissions-rigging software in vehicles
Corrective Actions: Retrofit program for affected vehicles with approved emissions software
What corrective actions has the company taken based on post-incident analysis ?
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Retrofit program for affected vehicles with approved emissions software.
Additional Questions
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on Late on Friday.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2023-10-02.
Impact of the Incidents
What was the highest financial loss from an incident ?
Highest Financial Loss: The highest financial loss from an incident was $120 million.
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Names, Recent Activity, Phone Numbers and .
Response to the Incidents
What containment measures were taken in the most recent incident ?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident was App taken offline for site maintenance.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Recent Activity, Phone Numbers and Names.
Regulatory Compliance
What was the highest fine imposed for a regulatory violation ?
Highest Fine Imposed: The highest fine imposed for a regulatory violation was $120 million.
What was the most significant legal action taken for a regulatory violation ?
Most Significant Legal Action: The most significant legal action taken for a regulatory violation was Civil claims resolved.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident is Reuters.
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Resolved.
.png)
Latest Global CVEs (Not Company-Specific)
Description
A vulnerability has been found in SeaCMS up to 13.3. The affected element is an unknown function of the file js/player/dmplayer/dmku/class/mysqli.class.php. Such manipulation of the argument page/limit leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.
Risk Information
cvss2
Base: 7.5
Severity: LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
cvss3
Base: 7.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HappyDevs TempTool allows Stored XSS.This issue affects TempTool: from n/a through 1.3.1.
Risk Information
cvss3
Base: 6.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tormorten WP Microdata allows Stored XSS.This issue affects WP Microdata: from n/a through 1.0.
Risk Information
cvss3
Base: 6.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Description
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in HappyDevs TempTool allows Retrieve Embedded Sensitive Data.This issue affects TempTool: from n/a through 1.3.1.
Risk Information
cvss3
Base: 4.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Description
A vulnerability has been found in Tenda FH1201 1.2.0.14(408). Affected is the function sprintf of the file /goform/SetIpBind. Such manipulation of the argument page leads to stack-based buffer overflow. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.
Risk Information
cvss2
Base: 9.0
Severity: LOW
AV:N/AC:L/Au:S/C:C/I:C/A:C
cvss3
Base: 8.8
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss4
Base: 7.4
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
- https://github.com/z472421519/BinaryAudit/blob/main/PoC/BOF/Tenda_FH1201/SetIpBind/SetIpBind.md
- https://github.com/z472421519/BinaryAudit/blob/main/PoC/BOF/Tenda_FH1201/SetIpBind/SetIpBind.md#reproduce
- https://vuldb.com/?ctiid.337689
- https://vuldb.com/?id.337689
- https://vuldb.com/?submit.719154
- https://www.tenda.com.cn/
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=mercedes-benz-group-ag' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
