METRO/MAKRO
Company Details
Linkedin ID:
metro-makro
Website:
Employees number:
26,312
Number of followers:
222,876
NAICS:
424
Industry Type:
Homepage:
metroag.de
IP Addresses:
0
Company ID:
MET_1212451
Scan Status:
In-progress
METRO/MAKRO Company CyberSecurity Posture
metroag.de
METRO is a leading international wholesale company with food and non-food assortments that specialises in serving the needs of hotels, restaurants and caterers (HoReCa) as well as independent traders. Around the world, METRO has 15 million customers who can choose whether to shop in one of the large-format stores, order online and collect their purchases at the store or have them delivered. METRO also supports the competitiveness of entrepreneurs and independent businesses with digital solutions and thereby contributes to cultural diversity in trade and the hospitality industry. The company operates in more than 30 countries and employs more than 85,000 people worldwide. In financial year 2022/23, METRO generated a group revenue of €31 billion. More information: https://careers.metroag.de Imprint: https://careers.metroag.de/imprint Data Privacy: https://careers.metroag.de/privacy-policy
METRO/MAKRO A.I CyberSecurity Scoring
METRO/MAKRO Risk Score (AI oriented)Between 750 and 799
METRO/MAKRO
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
METRO/MAKRO Global Score (TPRM)XXXX
METRO/MAKRO
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
METRO/MAKRO Company CyberSecurity News & History
Past Incidents
1
Attack Types
1
METRO AG
Cyber Attack
Rankiteo Explanation
Attack threatening the economy of a geographical region
Description: International wholesale giant METRO suffered an infrastructure outages and store payment issues after it was targeted in a cyberattack. IT outages affected stores in Austria, Germany, and France since at least October 17. METRO's IT team immediately started a thorough investigation together with external experts to identify the cause of the interruption of services.
METRO/MAKRO Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for METRO/MAKRO
Incidents vs Wholesale Industry Average (This Year)
No incidents recorded for METRO/MAKRO in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for METRO/MAKRO in 2025.
Incident Types METRO/MAKRO vs Wholesale Industry Avg (This Year)
No incidents recorded for METRO/MAKRO in 2025.
Incident History — METRO/MAKRO (X = Date, Y = Severity)
METRO/MAKRO cyber incidents detection timeline including parent company and subsidiaries
METRO/MAKRO Company Subsidiaries
METRO is a leading international wholesale company with food and non-food assortments that specialises in serving the needs of hotels, restaurants and caterers (HoReCa) as well as independent traders. Around the world, METRO has 15 million customers who can choose whether to shop in one of the large-format stores, order online and collect their purchases at the store or have them delivered. METRO also supports the competitiveness of entrepreneurs and independent businesses with digital solutions and thereby contributes to cultural diversity in trade and the hospitality industry. The company operates in more than 30 countries and employs more than 85,000 people worldwide. In financial year 2022/23, METRO generated a group revenue of €31 billion. More information: https://careers.metroag.de Imprint: https://careers.metroag.de/imprint Data Privacy: https://careers.metroag.de/privacy-policy
Loading...
METRO/MAKRO Similar Companies
Sonepar
Sonepar is an independent family-owned company standing as the world leader in B-to-B distribution of electrical equipment, solutions, and services. In 2024, Sonepar achieved sales of €32.5 billion. Present in 40 countries with a dense network of brands, the Group is leading an ambitious transformat
Ferguson
Since 1953, Ferguson has been a leading source of quality supplies for a variety of industries. We are proud to provide world-class products and services to a customer base that is as vast and varied as our inventory. The professionals we serve help transform the world we live in, and we are their t
Fastenal
By providing three things – truly local service, the world’s largest vending program, and unmatched inventory management – Fastenal saves your business time and money. Who are Fastenal's customers? • Organizations wanting to strengthen their supply chains. • Businesses looking to streamline their
Ferguson
The United States segment operates primarily under the Ferguson brand and provides expertise, solutions, and products, from infrastructure, plumbing and appliances to HVAC, fire, fabrication and more, to residential and non-residential contractors. Our products are delivered through a common network
HD Supply
HD Supply, a wholly owned subsidiary of The Home Depot, is a leading wholesale distribution company serving customers and their communities across the Multifamily, Institutional, Hospitality, Trades, Government Housing, Healthcare, Building Services and Education industries through an expansive netw
Assaí Atacadista
Crescimento, oportunidade, valorização e respeito. Isso é Ser Assaí! Muito prazer, somos o Assaí Atacadista, empresa de atacado de autosserviço que está entre as maiores empregadoras privadas do país, que também carrega uma das Marcas Mais Valiosas do Brasil, segundo o ranking da Interbrand! Hoje,
Rexel, worldwide expert in the multichannel professional distribution of products and services for the energy world, addresses three main markets: residential, commercial, and industrial. The Group supports its residential, commercial, and industrial customers by providing a tailored and scalable ra
Porsche Holding
Porsche Holding Salzburg is the largest and most successful automotive distributor in Europe. Our roots are in Salzburg, but we now also operate in 29 countries on three continents. Our core expertise: global automotive distribution. Our business divisions: automotive wholesale, automotive retail, f
Wesco
At Wesco, we believe life should run smoothly. As a leading provider of business-to-business distribution, logistics services and supply chain solutions, we create a world that you can depend on. Harnessing 100 years of ingenuity and expertise, we increase profitability, improve productivity and mit
.png)
METRO/MAKRO CyberSecurity News
December 24, 2024 08:00 AM
Monaco Cybersecurity Salaries: What Can You Expect to Earn?
Discover cybersecurity salary expectations in Monaco. Learn about average earnings, key roles, and career growth in Monaco's booming...
December 15, 2022 08:00 AM
Makro’s parent company expects cyberattack to cost millions in profit
Makro parent METRO remains occupied with the aftermath of October's cyberattack. The company expects a €40 million to €70 million profit loss as a result of...
October 24, 2022 07:00 AM
Cyberattack on METRO Forces Retailer to Set Up Offline Payment Systems
A cyberattack on METRO has forced the wholesale chain to set up offline payments as it struggles to get its IT infrastructure working...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
METRO/MAKRO CyberSecurity History Information
Official Website of METRO/MAKRO
The official website of METRO/MAKRO is https://careers.metroag.de.
METRO/MAKRO’s AI-Generated Cybersecurity Score
According to Rankiteo, METRO/MAKRO’s AI-generated cybersecurity score is 786, reflecting their Fair security posture.
How many security badges does METRO/MAKRO’ have ?
According to Rankiteo, METRO/MAKRO currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does METRO/MAKRO have SOC 2 Type 1 certification ?
According to Rankiteo, METRO/MAKRO is not certified under SOC 2 Type 1.
Does METRO/MAKRO have SOC 2 Type 2 certification ?
According to Rankiteo, METRO/MAKRO does not hold a SOC 2 Type 2 certification.
Does METRO/MAKRO comply with GDPR ?
According to Rankiteo, METRO/MAKRO is not listed as GDPR compliant.
Does METRO/MAKRO have PCI DSS certification ?
According to Rankiteo, METRO/MAKRO does not currently maintain PCI DSS compliance.
Does METRO/MAKRO comply with HIPAA ?
According to Rankiteo, METRO/MAKRO is not compliant with HIPAA regulations.
Does METRO/MAKRO have ISO 27001 certification ?
According to Rankiteo,METRO/MAKRO is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of METRO/MAKRO
METRO/MAKRO operates primarily in the Wholesale industry.
Number of Employees at METRO/MAKRO
METRO/MAKRO employs approximately 26,312 people worldwide.
Subsidiaries Owned by METRO/MAKRO
METRO/MAKRO presently has no subsidiaries across any sectors.
METRO/MAKRO’s LinkedIn Followers
METRO/MAKRO’s official LinkedIn profile has approximately 222,876 followers.
METRO/MAKRO’s Presence on Crunchbase
No, METRO/MAKRO does not have a profile on Crunchbase.
METRO/MAKRO’s Presence on LinkedIn
Yes, METRO/MAKRO maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/metro-makro.
Cybersecurity Incidents Involving METRO/MAKRO
As of December 30, 2025, Rankiteo reports that METRO/MAKRO has experienced 1 cybersecurity incidents.
Number of Peer and Competitor Companies
METRO/MAKRO has an estimated 6,465 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at METRO/MAKRO ?
Incident Types: The types of cybersecurity incidents that have occurred include Cyber Attack.
How does METRO/MAKRO detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an third party assistance with external experts..
Incident Details
Can you provide details on each incident ?
Title: Cyberattack on METRO Causes Infrastructure Outages and Payment Issues
Description: International wholesale giant METRO suffered an infrastructure outages and store payment issues after it was targeted in a cyberattack.
Date Detected: 2023-10-17
Type: Cyberattack
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Cyber Attack.
Impact of the Incidents
What was the impact of each incident ?
Incident : Cyberattack MET1849291022
Systems Affected: InfrastructurePayment Systems
Downtime: Affected stores in Austria, Germany, and France since at least October 17
Operational Impact: Store payment issues
Which entities were affected by each incident ?
Incident : Cyberattack MET1849291022
Entity Name: METRO
Entity Type: Wholesale Company
Industry: Retail
Location: AustriaGermanyFrance
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Cyberattack MET1849291022
Third Party Assistance: External experts
How does the company involve third-party assistance in incident response ?
Third-Party Assistance: The company involves third-party assistance in incident response through External experts.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Cyberattack MET1849291022
Investigation Status: Ongoing investigation by METRO's IT team and external experts
Post-Incident Analysis
What is the company's process for conducting post-incident analysis ?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as External experts.
Additional Questions
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2023-10-17.
Impact of the Incidents
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident was InfrastructurePayment Systems.
Response to the Incidents
What third-party assistance was involved in the most recent incident ?
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was External experts.
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing investigation by METRO's IT team and external experts.
.png)
Latest Global CVEs (Not Company-Specific)
Description
A vulnerability was found in Tenda WH450 1.0.0.18. Affected is an unknown function of the file /goform/PPTPUserSetting. Performing manipulation of the argument delno results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made public and could be used.
Risk Information
cvss2
Base: 8.3
Severity: LOW
AV:N/AC:L/Au:M/C:C/I:C/A:C
cvss3
Base: 7.2
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
cvss4
Base: 7.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A vulnerability has been found in Tenda WH450 1.0.0.18. This impacts an unknown function of the file /goform/PPTPServer. Such manipulation of the argument ip1 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Risk Information
cvss2
Base: 8.3
Severity: LOW
AV:N/AC:L/Au:M/C:C/I:C/A:C
cvss3
Base: 7.2
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
cvss4
Base: 7.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A flaw has been found in omec-project UPF up to 2.1.3-dev. This affects the function handleSessionEstablishmentRequest of the file /pfcpiface/pfcpiface/messages_session.go of the component PFCP Session Establishment Request Handler. This manipulation causes null pointer dereference. The attack may be initiated remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Risk Information
cvss2
Base: 4.0
Severity: LOW
AV:N/AC:L/Au:S/C:N/I:N/A:P
cvss3
Base: 4.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A vulnerability was detected in floooh sokol up to 16cbcc864012898793cd2bc57f802499a264ea40. The impacted element is the function _sg_pipeline_desc_defaults in the library sokol_gfx.h. The manipulation results in stack-based buffer overflow. The attack requires a local approach. The exploit is now public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The patch is identified as 5d11344150973f15e16d3ec4ee7550a73fb995e0. It is advisable to implement a patch to correct this issue.
Risk Information
cvss2
Base: 4.3
Severity: LOW
AV:L/AC:L/Au:S/C:P/I:P/A:P
cvss3
Base: 5.3
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 4.8
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
- https://github.com/floooh/sokol/commit/5d11344150973f15e16d3ec4ee7550a73fb995e0
- https://github.com/floooh/sokol/issues/1405
- https://github.com/floooh/sokol/issues/1406#issuecomment-3649548096
- https://github.com/oneafter/1212/blob/main/hbf1
- https://vuldb.com/?ctiid.338533
- https://vuldb.com/?id.338533
- https://vuldb.com/?submit.719823
Description
A security vulnerability has been detected in PbootCMS up to 3.2.12. The affected element is the function get_user_ip of the file core/function/handle.php of the component Header Handler. The manipulation of the argument X-Forwarded-For leads to use of less trusted source. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.
Risk Information
cvss2
Base: 5.0
Severity: LOW
AV:N/AC:L/Au:N/C:N/I:P/A:N
cvss3
Base: 5.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
cvss4
Base: 5.5
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=metro-makro' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
