Merck Company CyberSecurity Posture

merck.com
ISOSOC2 Type 1SOC2 Type 2PCI DSSHIPAAGDPR

At Merck, known as MSD outside of the United States and Canada, we are unified around our purpose: We use the power of leading-edge science to save and improve lives around the world. For more than 130 years, we have brought hope to humanity through the development of important medicines and vaccines. We aspire to be the premier research-intensive biopharmaceutical company in the world – and today, we are at the forefront of research to deliver innovative health solutions that advance the prevention and treatment of diseases in people and animals. We foster a diverse and inclusive global workforce and operate responsibly every day to enable a safe, sustainable and healthy future for all people and communities. For more information, visit www.merck.com. This site is intended for residents of the United States and Canada and their territories only. FLS: http://merck.us/3TKXNuZ

Merck A.I CyberSecurity Scoring

Merck

Company Details

Linkedin ID:

merck

Website:

http://merck.us/2J2xAUh

Employees number:

42,297

Number of followers:

2,549,401

NAICS:

3254

Industry Type:

Pharmaceutical Manufacturing

Homepage:

merck.com

IP Addresses:

Scan still pending

Company ID:

MER_3024671

Scan Status:

In-progress

AI scoreMerck Risk Score (AI oriented)

Between 800 and 849

https://images.rankiteo.com/companyimages/merck.jpeg
Merck Pharmaceutical Manufacturing
Updated:
  • Powered by our proprietary A.I cyber incident model
  • Insurance preferes TPRM score to calculate premium
globalscoreMerck Global Score (TPRM)

XXXX

https://images.rankiteo.com/companyimages/merck.jpeg
Merck Pharmaceutical Manufacturing
  • Instant access to detailed risk factors
  • Benchmark vs. industry & size peers
  • Vulnerabilities
  • Findings

Merck

Good
Current Score
802
A (Good)
01000
2 incidents
-34.0 avg impact

Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.

DECEMBER 2025
802
NOVEMBER 2025
799
OCTOBER 2025
798
SEPTEMBER 2025
834
Breach
22 Sep 2025 • Merck Sharp & Dohme LLC (Merck)
Data Breach at Merck via Third-Party Service Provider Graebel Companies

On September 22, 2025, Merck, a New Jersey-based pharmaceutical company, was alerted that its third-party service provider, Graebel Companies, suffered a **data breach** exposing sensitive personal and financial information of current and former employees. The compromised data includes **names, dates of birth, addresses, phone numbers, Social Security numbers, and financial account details**, heightening risks of identity theft and fraud.The breach was formally disclosed to the Massachusetts Attorney General’s office on November 17, 2025, though the exact number of affected individuals remains undetermined. Merck collaborated with Graebel to contain the incident, strengthen security measures, and notify impacted employees. As a remedial step, Merck is providing **24 months of complimentary credit monitoring and identity theft protection** via TransUnion.The exposure of **personally identifiable information (PII) and financial records**—particularly through a third-party vendor—underscores vulnerabilities in supply chain cybersecurity and the potential for long-term reputational and financial harm to both employees and the company.

800
high -34
MER3502435111825
Incident Details -
Type
Data Breach (Third-Party)
Impact
Names Dates of birth Addresses Phone numbers Social Security numbers Financial account information Brand Reputation Impact: Potential reputational harm due to exposure of sensitive employee data Identity Theft Risk: High (due to exposure of PII and financial information) Payment Information Risk: High (financial account information exposed)
Response
Third Party Assistance: Collaboration with Graebel Companies Containment Measures: Implemented by Graebel Companies Remediation Measures: Enhanced security protocols by Graebel Communication Strategy: Direct communication with affected individuals
Data Breach
Personally Identifiable Information (PII) Financial Information Number Of Records Exposed: Unknown (potentially significant) Sensitivity Of Data: High (includes SSNs and financial account information) Names Dates of birth Addresses Phone numbers Social Security numbers
Regulatory Compliance
Regulatory Notifications: Disclosed to Massachusetts Attorney General’s office
Recommendations
Monitor credit and financial accounts for suspicious activity Enroll in complimentary credit monitoring and identity theft protection services (provided by TransUnion for 24 months)
Investigation Status
Ongoing (scope and full impact not yet determined)
Customer Advisories
Public disclosure via regulatory notification; individual notifications sent to affected employees
Stakeholder Advisories
Direct notifications sent to affected individuals
Post Incident Analysis
Enhanced security protocols by Graebel Companies Credit monitoring and identity theft protection services for affected individuals
References
Blog URL Source URL
AUGUST 2025
834
JULY 2025
834
JUNE 2025
834
MAY 2025
834
APRIL 2025
834
MARCH 2025
834
FEBRUARY 2025
834
JANUARY 2025
834
JUNE 2017
835
Cyber Attack
01 Jun 2017 • Merck
Cyber-Attack on Merck

The computer systems of Science and Technology company Merck were targeted in a sophisticated cyber-attack. The company immediately took preventive steps to contain the attack and informed its employees to disconnect mobile phones from the network.

828
critical -7
MER1502422
Incident Details -
Type
Cyber-Attack
Response
Disconnect mobile phones from the network
References
Blog URL Source URL

Frequently Asked Questions

According to Rankiteo, the current A.I.-based Cyber Score for Merck is 802, which corresponds to a Good rating.

According to Rankiteo, the A.I. Rankiteo Cyber Score for November 2025 was 799.

According to Rankiteo, the A.I. Rankiteo Cyber Score for October 2025 was 798.

According to Rankiteo, the A.I. Rankiteo Cyber Score for September 2025 was 834.

According to Rankiteo, the A.I. Rankiteo Cyber Score for August 2025 was 834.

According to Rankiteo, the A.I. Rankiteo Cyber Score for July 2025 was 834.

According to Rankiteo, the A.I. Rankiteo Cyber Score for June 2025 was 834.

According to Rankiteo, the A.I. Rankiteo Cyber Score for May 2025 was 834.

According to Rankiteo, the A.I. Rankiteo Cyber Score for April 2025 was 834.

According to Rankiteo, the A.I. Rankiteo Cyber Score for March 2025 was 834.

According to Rankiteo, the A.I. Rankiteo Cyber Score for February 2025 was 834.

According to Rankiteo, the A.I. Rankiteo Cyber Score for January 2025 was 834.

Over the past 12 months, the average per-incident point impact on Merck’s A.I Rankiteo Cyber Score has been -34.0 points.

You can access Merck’s cyber incident details on Rankiteo by visiting the following link: https://www.rankiteo.com/company/merck.

You can find the summary of the A.I Rankiteo Risk Scoring methodology on Rankiteo by visiting the following link: Rankiteo Algorithm.

You can view Merck’s profile page on Rankiteo by visiting the following link: https://www.rankiteo.com/company/merck.

With scores of 18.5/20 from OpenAI ChatGPT, 20/20 from Mistral AI, and 17/20 from Claude AI, the A.I. Rankiteo Risk Scoring methodology is validated as a market leader.