Company Details
metlife
42,313
1,003,442
524
metlife.com
657
MET_2923798
Completed

MetLife Company CyberSecurity Posture
metlife.com
We live in a time of unprecedented change. A time when economies, regulations, and social safety nets are all in flux. Customers around the globe have told us they’re overwhelmed by the pace of change and are looking for a trusted partner to help them manage life’s twists and turns. MetLife is committed to being that partner. That’s why we’re transforming our business: Delivering greater value for the people we serve by becoming a simpler, more focused, and future-facing company. We’ll be introducing new ways to meet our customers’ evolving needs, with flexible products; simpler, more intuitive experiences and a range of new services. MetLife. Navigating life together. For customer service: https://www.metlife.com/support-and-manage/contact-us/ For social media notices: https://www.metlife.com/about-us/terms-and-conditions/social-media/ MetLife, Inc. (NYSE: MET), through its subsidiaries and affiliates (“MetLife”), is one of the world’s leading financial services companies, providing insurance, annuities, employee benefits and asset management to help its individual and institutional customers navigate their changing world. Founded in 1868, MetLife has operations in more than 40 markets globally and holds leading positions in the United States, Japan, Latin America, Asia, Europe and the Middle East.
Between 600 and 649

MetLife Global Score (TPRM)XXXX

Description: The Massachusetts Office of Consumer Affairs and Business Regulation reported that MetLife experienced a data breach on September 26, 2016, affecting 13 residents. The breach involved electronic records, specifically Social Security Numbers (SSN) and Account Numbers.
Description: The California Office of the Attorney General reported on August 10, 2020, that Metropolitan Life Insurance Company experienced a data breach on July 24, 2020, involving the inadvertent disclosure of personal information, including names, Social Security numbers, and premium refund information. Approximately one individual was affected by this incident.
Description: The California Office of the Attorney General reported a data breach involving Metropolitan Life Insurance Company on November 16, 2018. The breach occurred on October 18, 2018, when an email containing personal information, including Social Security Numbers, was inadvertently sent to a Benefits Administrator for another MetLife group customer. The specific number of individuals affected is unknown.
Description: The California Office of the Attorney General reported a data breach involving Metropolitan Life Insurance Company on March 28, 2024. The breach occurred on November 1, 2023, due to a coding transmission error that misdirected electronic dental claim information to incorrect providers, potentially affecting personal information including names and Social Security numbers of impacted patients.
Description: On December 15, 2017, the California Attorney General reported a data breach involving MetLife that occurred on November 9, 2017. The breach involved the inadvertent disclosure of personal information, including names, Social Security numbers, and group life coverage election amounts, affecting an unspecified number of individuals.
Description: On November 18, 2023, Metropolitan Life Insurance Company experienced a data breach due to a **coding transmission error**, which misdirected electronic dental claim information. The incident, reported by the California Office of the Attorney General on April 22, 2024, exposed **personal data** of affected patients, including **names and Social Security numbers**. While the exact number of impacted individuals remains undisclosed, the breach involved sensitive information that could lead to identity theft or financial fraud. The error highlights vulnerabilities in data handling processes, particularly in secure transmission protocols. As a major insurance provider, the exposure of such data poses risks to customer trust and regulatory compliance, potentially triggering legal repercussions under data protection laws like **CCPA (California Consumer Privacy Act)**. The breach underscores the need for stricter validation mechanisms in electronic data transfers to prevent similar misdirections in the future.
Description: MetLife experienced significant operational disruption due to a ransomware attack by the group RansomHub, resulting in over 27 days of downtime, accumulating nearly $84,000 in costs per day for government agencies. The attack highlights the vulnerability of critical infrastructure to cyber threats and the costly impact of downtime. With an average ransom demand of $2.2 million, financial losses are substantial, even without considering reputational damage. Despite proposals to ban ransom payments by state-run organizations, government entities continue to be prime targets, underscoring the need for improved cyber resilience.


MetLife has 49.25% more incidents than the average of same-industry companies with at least one recorded incident.
MetLife has 56.25% more incidents than the average of all companies with at least one recorded incident.
MetLife reported 1 incident this year: 0 cyber attacks, 1 ransomware, 0 vulnerabilities, 0 data breaches, compared to industry peers with at least 1 incident.
MetLife cyber incidents detection timeline including parent company and subsidiaries



The Life Insurance Business in Pakistan was nationalized in March 1972. Initially, the Life Insurance business of 32 Insurance Companies was merged and placed under three Beema Units named “A”, “B” and “C” Beema Units. However, later these Beema Units were merged, and effective November 1, 1972, the
China Pacific Life Insurance Co., Ltd (CPIC Life in short) was formed on the basis of life insurance business of China Pacific Insurance Co., Ltd., which was founded on May 13th 1991, and is held by CPIC Group. The company was incorporated on November 11, 2001, headquartered in Shanghai and register
AIA Group Limited and its subsidiaries (collectively “AIA” or the “Group”) comprise the largest independent publicly listed pan-Asian life insurance group. It has a presence in 18 markets – wholly-owned branches and subsidiaries in Mainland China, Hong Kong SAR(1), Thailand, Singapore, Malaysia, Aus

Talanx is one of the major European insurance groups. Under the HDI brand it operates both in Germany and abroad in industrial insurance as well as retail business. Further Group brands include Hannover Re, one of the world’s leading reinsurers, Targo insurers, LifeStyle Protection and neue leben, t
Manulife is a leading international financial services group that helps people make their decisions easier and lives better. With our global headquarters in Toronto, we operate as Manulife across our offices in Canada, Asia, and Europe, and primarily as John Hancock in the United States. We have mor

Allianz Partners is a world leader in B2B2C insurance and assistance, offering global solutions that span international health and life, travel insurance, automotive and assistance. Customer driven, our innovative experts are redefining insurance services by delivering future-ready, high-tech high-t

AAA - The Auto Club Group (ACG) is the second largest AAA club in North America, serving more than 13+ million members across 14 U.S. states, the province of Quebec, Puerto Rico, and the U.S. Virgin Islands. For over 100 years, AAA has provided safety, security, and peace of mind. ACG advances AAA’

China Life Insurance (Group) Company, headquartered in Beijing, is a large state-owned financial and insurance company. Its predecessor, PICC, was founded in 1949 and the PICC (Life) Co., Ltd was set up in 1996 after its separation from the former PICC. In 1999, it was renamed China Life Insurance Comp
SBI Life Insurance (‘SBI Life’ / ‘The Company’), one of the most trusted life insurance companies in India, was incorporated in October 2000 and is registered with the Insurance Regulatory and Development Authority of India (IRDAI) in March 2001. Serving millions of families across India, SBI Li
Aura offers $12/month plans with features like auto title monitoring and data removal. It's a top-rated identity theft service but lacks...
QNB has signed an agreement with MetLife to further strengthen their long-standing partnership.
If you're considering Aura's identity theft protection service, our guide explains all you need to know to see if Aura is right for you.
MetLife, Inc. (NYSE: MET) today announced that John McCallion, executive vice president and chief financial officer, and head of MetLife...
Helping clients improve core productivity while reducing cost, and embrace data modernization utilizing secure hybrid cloud and AI.
The NJOHSP celebrated the 10-year anniversary of the New Jersey Cybersecurity and Communications Integration Cell (NJCCIC)
Hyderabad: MetLife on Friday announced the expansion of their India operations with the creation of technology hubs in Hyderabad and Pune.
Insurer MetLife reported a nearly 5% rise in first-quarter profit on Wednesday, driven by higher premiums and investment income,...
In a strategic move to strengthen its Cybersecurity Strategy, PNB MetLife India Insurance Co. Ltd. has appointed Manoj Arora as its new...

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
The official website of MetLife is http://www.metlife.com.
According to Rankiteo, MetLife’s AI-generated cybersecurity score is 628, reflecting their Poor security posture.
According to Rankiteo, MetLife currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
According to Rankiteo, MetLife is not certified under SOC 2 Type 1.
According to Rankiteo, MetLife does not hold a SOC 2 Type 2 certification.
According to Rankiteo, MetLife is not listed as GDPR compliant.
According to Rankiteo, MetLife does not currently maintain PCI DSS compliance.
According to Rankiteo, MetLife is not compliant with HIPAA regulations.
According to Rankiteo, MetLife is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
MetLife operates primarily in the Insurance industry.
MetLife employs approximately 42,313 people worldwide.
MetLife presently has no subsidiaries across any sectors.
MetLife’s official LinkedIn profile has approximately 1,003,442 followers.
MetLife is classified under the NAICS code 524, which corresponds to Insurance Carriers and Related Activities.
Yes, MetLife has an official profile on Crunchbase, which can be accessed here: https://www.crunchbase.com/organization/metlife.
Yes, MetLife maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/metlife.
As of November 27, 2025, Rankiteo reports that MetLife has experienced 7 cybersecurity incidents.
MetLife has an estimated 14,859 peer or competitor companies worldwide.
Incident Types: The types of cybersecurity incidents that have occurred include Breach and Ransomware.
Total Financial Loss: The total financial loss from these incidents is estimated to be $2.27 million.
Title: Ransomware Attack on MetLife
Description: MetLife experienced significant operational disruption due to a ransomware attack by the group RansomHub, resulting in over 27 days of downtime, accumulating nearly $84,000 in costs per day for government agencies. The attack highlights the vulnerability of critical infrastructure to cyber threats and the costly impact of downtime. With an average ransom demand of $2.2 million, financial losses are substantial, even without considering reputational damage. Despite proposals to ban ransom payments by state-run organizations, government entities continue to be prime targets, underscoring the need for improved cyber resilience.
Type: Ransomware Attack
Threat Actor: RansomHub
Motivation: Financial Gain
Title: MetLife Data Breach
Description: The Massachusetts Office of Consumer Affairs and Business Regulation reported that MetLife experienced a data breach on September 26, 2016, affecting 13 residents. The breach involved electronic records, specifically Social Security Numbers (SSN) and Account Numbers.
Date Detected: 2016-09-26
Type: Data Breach
Title: Data Breach at Metropolitan Life Insurance Company
Description: A coding transmission error misdirected electronic dental claim information to incorrect providers, potentially affecting personal information including names and Social Security numbers of impacted patients.
Date Detected: 2023-11-01
Date Publicly Disclosed: 2024-03-28
Type: Data Breach
Attack Vector: Coding Transmission Error
Vulnerability Exploited: Coding Transmission Error
Title: Metropolitan Life Insurance Company Data Breach
Description: The California Office of the Attorney General reported a data breach involving Metropolitan Life Insurance Company on November 16, 2018. The breach occurred on October 18, 2018, when an email containing personal information, including Social Security Numbers, was inadvertently sent to a Benefits Administrator for another MetLife group customer. The specific number of individuals affected is unknown.
Date Detected: 2018-10-18
Date Publicly Disclosed: 2018-11-16
Type: Data Breach
Attack Vector: Email
Vulnerability Exploited: Human Error
Title: MetLife Data Breach
Description: Inadvertent disclosure of personal information including names, Social Security numbers, and group life coverage election amounts.
Date Detected: 2017-11-09
Date Publicly Disclosed: 2017-12-15
Type: Data Breach
Attack Vector: Inadvertent Disclosure
Title: Metropolitan Life Insurance Company Data Breach
Description: The California Office of the Attorney General reported on August 10, 2020, that Metropolitan Life Insurance Company experienced a data breach on July 24, 2020, involving the inadvertent disclosure of personal information, including names, Social Security numbers, and premium refund information. Approximately one individual was affected by this incident.
Date Detected: 2020-07-24
Date Publicly Disclosed: 2020-08-10
Type: Data Breach
Title: Metropolitan Life Insurance Company Data Breach Due to Coding Transmission Error
Description: On April 22, 2024, the California Office of the Attorney General reported a data breach involving Metropolitan Life Insurance Company that occurred on November 18, 2023. The breach was due to a coding transmission error that misdirected electronic dental claim information, potentially involving personal data such as names and Social Security numbers of affected patients, although the exact number of individuals impacted was not specified.
Date Publicly Disclosed: 2024-04-22
Type: Data Breach
Vulnerability Exploited: Coding transmission error
Common Attack Types: The most common type of attack the company has faced is Breach.

Financial Loss: $2,268,000
Downtime: 27 days
Operational Impact: Significant Operational Disruption
Brand Reputation Impact: Substantial Reputational Damage

Data Compromised: Social security numbers (SSN), Account numbers

Data Compromised: Names, Social security numbers

Data Compromised: Social security numbers

Data Compromised: Names, Social security numbers, Group life coverage election amounts

Data Compromised: Names, Social security numbers, Premium refund information

Identity Theft Risk: True
Average Financial Loss: The average financial loss per incident is $324.00 thousand.
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Social Security Numbers (SSN), Account Numbers; Names, Social Security Numbers; Social Security Numbers; Names, Social Security Numbers, Group Life Coverage Election Amounts; Names, Social Security Numbers, Premium Refund Information; and Personal Data (Names), Social Security Numbers, Electronic Dental Claim Information.

Entity Name: MetLife
Entity Type: Insurance Company
Industry: Insurance

Entity Name: MetLife
Entity Type: Insurance Company
Industry: Insurance
Customers Affected: 13

Entity Name: Metropolitan Life Insurance Company
Entity Type: Insurance Company
Industry: Insurance

Entity Name: Metropolitan Life Insurance Company
Entity Type: Insurance Company
Industry: Insurance

Entity Name: MetLife
Entity Type: Insurance Company
Industry: Insurance

Entity Name: Metropolitan Life Insurance Company
Entity Type: Insurance Company
Industry: Insurance
Customers Affected: 1

Entity Name: Metropolitan Life Insurance Company
Entity Type: Insurance Company
Industry: Insurance / Healthcare (Dental Claims)
Location: United States (California)

Type of Data Compromised: Social security numbers (SSN), Account numbers
Number of Records Exposed: 13
Sensitivity of Data: High

Type of Data Compromised: Names, Social security numbers
Sensitivity of Data: High

Type of Data Compromised: Social security numbers
Sensitivity of Data: High

Type of Data Compromised: Names, Social security numbers, Group life coverage election amounts
Sensitivity of Data: High

Type of Data Compromised: Names, Social security numbers, Premium refund information
Number of Records Exposed: 1
Sensitivity of Data: High

Type of Data Compromised: Personal data (names), Social security numbers, Electronic dental claim information
Sensitivity of Data: High (PII, SSNs)

Ransom Demanded: $2,200,000

Regulatory Notifications: California Office of the Attorney General

Lessons Learned: The need for improved cyber resilience.

Recommendations: Improve cyber resilience to protect critical infrastructure from cyber threats.
Key Lessons Learned: The key lesson learned from past incidents is the need for improved cyber resilience.
Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: Improve cyber resilience to protect critical infrastructure from cyber threats.

Source: Massachusetts Office of Consumer Affairs and Business Regulation

Source: California Office of the Attorney General
Date Accessed: 2024-03-28

Source: California Office of the Attorney General
Date Accessed: 2018-11-16

Source: California Office of the Attorney General
Date Accessed: 2020-08-10

Source: California Office of the Attorney General
Date Accessed: 2024-04-22
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at: Massachusetts Office of Consumer Affairs and Business Regulation; California Office of the Attorney General (Date Accessed: 2024-03-28); California Office of the Attorney General (Date Accessed: 2018-11-16); California Attorney General (Date Accessed: 2017-12-15); California Office of the Attorney General (Date Accessed: 2020-08-10); California Office of the Attorney General (Date Accessed: 2024-04-22).

Root Causes: Coding Transmission Error

Root Causes: Coding transmission error leading to misdirected electronic dental claim information
Last Ransom Demanded: The amount of the last ransom demanded was $2,200,000.
Last Attacking Group: The attacking group in the last incident was RansomHub.
Most Recent Incident Detected: The most recent incident detected was on 2016-09-26.
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2024-04-22.
Highest Financial Loss: The highest financial loss from an incident was $2,268,000.
Most Significant Data Compromised: The most significant data compromised in an incident were Social Security Numbers (SSN), Account Numbers; Names, Social Security numbers; Social Security Numbers; Names, Social Security numbers, Group life coverage election amounts; and names, Social Security numbers, premium refund information.
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Group life coverage election amounts, Social Security numbers, Names, Account Numbers, Social Security Numbers (SSN), premium refund information, names and Social Security Numbers.
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 14.0.
Highest Ransom Demanded: The highest ransom demanded in a ransomware incident was $2,200,000.
Most Significant Lesson Learned: The most significant lesson learned from past incidents was the need for improved cyber resilience.
Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was: Improve cyber resilience to protect critical infrastructure from cyber threats.
Most Recent Source: The most recent sources of information about an incident are California Attorney General, Massachusetts Office of Consumer Affairs and Business Regulation and California Office of the Attorney General.
Most Significant Root Cause: The most significant root cause identified in post-incident analysis was Coding Transmission Error, Coding transmission error leading to misdirected electronic dental claim information.
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is an XSRF token leakage via protocol-relative URLs in Angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with a protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.
