MFC
Company Details
Linkedin ID:
mossack-fonseca-&-co-
Website:
Employees number:
112
Number of followers:
2,257
NAICS:
5411
Industry Type:
Homepage:
mossfon.com
IP Addresses:
0
Company ID:
MOS_2924198
Scan Status:
In-progress
Mossack Fonseca & Co. Company CyberSecurity Posture
mossfon.com
Established in 1977, Mossack Fonseca has become a global leader in the creation of legal structures designed for asset protection, management and control. Over 450 employees worldwide. MISSION To deliver to our global client base, an integrated approach involving legal, fiduciary, investment advisory and digital solutions, of a qualified and reliable nature, through the various business components within the MF group, our worldwide network of offices, a highly skilled staff, our trademark utilization of technology, in order to satisfy client demand by adding value, and at the same time generate returns for our directors, employees and community in general. VISSION To be recognized as THE local and international leader in the provision of legal, trust, investment advisory and digital solutions; by virtue of our established business network, and through our continuing commitment to client satisfaction and excellence. CORE VALUES Discipline, Responsibility, Efficiency, Initiative, Honesty, Loyalty, Commitment, Innovation, Excellence in Client Satisfaction.
Mossack Fonseca & Co. A.I CyberSecurity Scoring
MFC Risk Score (AI oriented)Between 700 and 749
MFC
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
MFC Global Score (TPRM)XXXX
MFC
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
MFC Company CyberSecurity News & History
Past Incidents
1
Attack Types
1
Mossack Fonseca & Co.
Data Leak
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: The Panama Papers are an enormous collection of legally secret documents that were posted online by the Panamanian legal firm Mossack Fonseca. Over 11.5 million files, including 2.6 Terabytes of data pertaining to the operations of offshore shell firms utilised by the world's most influential individuals, are contained in the firm's full collection. Ramon Fonseca, a co-founder of the Mossack Fonseca law firm, attested to the validity of the leaked documents to Channel 2 in Panama. The International Consortium of Investigative Journalists (ICIJ) and an unnamed source turned over the Panama Papers documents to the German publication Suddeutsche Zeitung.
MFC Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for MFC
Incidents vs Legal Services Industry Average (This Year)
No incidents recorded for Mossack Fonseca & Co. in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Mossack Fonseca & Co. in 2025.
Incident Types MFC vs Legal Services Industry Avg (This Year)
No incidents recorded for Mossack Fonseca & Co. in 2025.
Incident History — MFC (X = Date, Y = Severity)
MFC cyber incidents detection timeline including parent company and subsidiaries
MFC Company Subsidiaries
Established in 1977, Mossack Fonseca has become a global leader in the creation of legal structures designed for asset protection, management and control. Over 450 employees worldwide. MISSION To deliver to our global client base, an integrated approach involving legal, fiduciary, investment advisory and digital solutions, of a qualified and reliable nature, through the various business components within the MF group, our worldwide network of offices, a highly skilled staff, our trademark utilization of technology, in order to satisfy client demand by adding value, and at the same time generate returns for our directors, employees and community in general. VISSION To be recognized as THE local and international leader in the provision of legal, trust, investment advisory and digital solutions; by virtue of our established business network, and through our continuing commitment to client satisfaction and excellence. CORE VALUES Discipline, Responsibility, Efficiency, Initiative, Honesty, Loyalty, Commitment, Innovation, Excellence in Client Satisfaction.
Loading...
MFC Similar Companies
Wormser Casey
Wormser Casey is a boutique law firm based in Indianapolis, founded to serve clients in three core areas of the law: business, real estate, and private securities. We counsel businesses at every stage in their life cycle, from start-ups to emerging and established businesses. Our clients work in a
Condor Global HR & Migration
With more than 16 years combined experience we have seen just about everything and we pride ourselves on avoiding the mistakes we have seen other agencies make. Our mission is to do good things one client at a time. We are not interested in becoming the biggest firm, rather, our mission is to be th
Drake, Hileman & Davis, PC
Drake Hileman & Davis is a general practice law firm specializing in personal injury law, with offices and locations in Doylestown, Allentown, Bethlehem, Easton and Stroudsburg in Pennsylvania. The firm originated in 1985 and has grown to eight attorneys. Attorneys in the firm are admitted to pra
Anderson Reynard LLP
Anderson Reynard LLP is a firm which practices in the areas of estate planning, trust and probate law and related tax, business, real estate and litigation issues. The law firm offers custom estate planning for individuals and families to optimize personal planning and minimize estate costs, fees an
Fakhoury Global Immigration
Fakhoury Global Immigration (FGI) specializes in U.S. and global based business immigration. The firm’s client list consists of the world's most innovative brands ranging from the Automotive, IT, Engineering & Healthcare industries. FGI’s global staff is comprised of 100 attorneys, paralegals and im
First Choice Legal & Services
First Choice Legal & Services is Chiang Mai's First One Stop Service Center For all your legal needs. American Managed English speaking professionals First time consultation FREE Our premier law firm offers the widest range of legal services in Chiang Mai and surrounding provinces . Our firm p
.png)
MFC CyberSecurity News
June 21, 2025 07:00 AM
New Panama Papers Inquiry Reveals Details of Hungary’s Golden Visa Program
A businessman involved in the controversial Hungarian residence program told Mossack Fonseca that he believes the Chinese government is behind one of the...
December 21, 2024 08:00 AM
Mossack Fonseca offices in Panama raided – Jersey police won’t say if local raids to follow
Mossack Fonseca offices in Panama raided – Jersey police won't say if local raids to follow. Police in Panama have raided the offices of Mossack...
December 21, 2024 08:00 AM
More "Panama Papers" revelations next week
Details of more than 200,000 secret offshore entities and the people behind them will be revealed next week in a searchable database,...
July 03, 2024 07:00 AM
Panama’s new president labels Panama Papers a ‘hoax’ as experts voice concerns about money laundering acquittals
After a Panamanian judge cleared 28 defendants in a trial linked to ICIJ's 2016 investigation, experts call for more resources to prosecute...
July 01, 2024 07:00 AM
Judge Absolves All 28 Accused, Including Mossack Fonseca Lawyers, In Panama Papers Case
Judge Absolves All 28 Accused, Including Mossack Fonseca Lawyers, In Panama Papers Case. A Brazilian judge has absolved all 28 people accused in...
July 01, 2024 07:00 AM
Leader of hacked ‘Panama Papers’ law firm is one of 28 people acquitted
A Panamanian judge has acquitted 28 people, including a founder of Mossack Fonseca, in a money laundering case partly stemming from documents hacked from the...
June 29, 2024 07:00 AM
Defendants Acquitted in Panama Papers Money-Laundering Trial (Published 2024)
A Panamanian judge on Friday acquitted all 28 defendants, among them former employees of the law firm Mossack Fonseca, the source of the leaked documents.
June 29, 2024 07:00 AM
Panamanian court acquits 28 people tied to 'Panama Papers' scandal
A Panamanian court on Friday acquitted 28 people charged with money laundering in relation to the now-defunct law firm Mossack Fonseca.
June 29, 2024 07:00 AM
Judge acquits 28 people accused in Panama Papers case, including law firm co-founder
A judge has acquitted 28 people accused of money laundering in an international case known as the Panama Papers, including the co-founder of a law firm.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
MFC CyberSecurity History Information
Official Website of Mossack Fonseca & Co.
The official website of Mossack Fonseca & Co. is http://www.mossfon.com/.
Mossack Fonseca & Co.’s AI-Generated Cybersecurity Score
According to Rankiteo, Mossack Fonseca & Co.’s AI-generated cybersecurity score is 738, reflecting their Moderate security posture.
How many security badges does Mossack Fonseca & Co.’ have ?
According to Rankiteo, Mossack Fonseca & Co. currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Mossack Fonseca & Co. have SOC 2 Type 1 certification ?
According to Rankiteo, Mossack Fonseca & Co. is not certified under SOC 2 Type 1.
Does Mossack Fonseca & Co. have SOC 2 Type 2 certification ?
According to Rankiteo, Mossack Fonseca & Co. does not hold a SOC 2 Type 2 certification.
Does Mossack Fonseca & Co. comply with GDPR ?
According to Rankiteo, Mossack Fonseca & Co. is not listed as GDPR compliant.
Does Mossack Fonseca & Co. have PCI DSS certification ?
According to Rankiteo, Mossack Fonseca & Co. does not currently maintain PCI DSS compliance.
Does Mossack Fonseca & Co. comply with HIPAA ?
According to Rankiteo, Mossack Fonseca & Co. is not compliant with HIPAA regulations.
Does Mossack Fonseca & Co. have ISO 27001 certification ?
According to Rankiteo,Mossack Fonseca & Co. is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Mossack Fonseca & Co.
Mossack Fonseca & Co. operates primarily in the Legal Services industry.
Number of Employees at Mossack Fonseca & Co.
Mossack Fonseca & Co. employs approximately 112 people worldwide.
Subsidiaries Owned by Mossack Fonseca & Co.
Mossack Fonseca & Co. presently has no subsidiaries across any sectors.
Mossack Fonseca & Co.’s LinkedIn Followers
Mossack Fonseca & Co.’s official LinkedIn profile has approximately 2,257 followers.
NAICS Classification of Mossack Fonseca & Co.
Mossack Fonseca & Co. is classified under the NAICS code 5411, which corresponds to Legal Services.
Mossack Fonseca & Co.’s Presence on Crunchbase
No, Mossack Fonseca & Co. does not have a profile on Crunchbase.
Mossack Fonseca & Co.’s Presence on LinkedIn
Yes, Mossack Fonseca & Co. maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/mossack-fonseca-&-co-.
Cybersecurity Incidents Involving Mossack Fonseca & Co.
As of November 30, 2025, Rankiteo reports that Mossack Fonseca & Co. has experienced 1 cybersecurity incidents.
Number of Peer and Competitor Companies
Mossack Fonseca & Co. has an estimated 7,392 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Mossack Fonseca & Co. ?
Incident Types: The types of cybersecurity incidents that have occurred include Data Leak.
Incident Details
Can you provide details on each incident ?
Title: Panama Papers Data Leak
Description: The Panama Papers are an enormous collection of legally secret documents that were posted online by the Panamanian legal firm Mossack Fonseca. Over 11.5 million files, including 2.6 Terabytes of data pertaining to the operations of offshore shell firms utilised by the world's most influential individuals, are contained in the firm's full collection. Ramon Fonseca, a co-founder of the Mossack Fonseca law firm, attested to the validity of the leaked documents to Channel 2 in Panama. The International Consortium of Investigative Journalists (ICIJ) and an unnamed source turned over the Panama Papers documents to the German publication Suddeutsche Zeitung.
Type: Data Breach
Threat Actor: Unknown
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Data Leak.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach MOS2154271023
Data Compromised: 11.5 million files, including 2.6 Terabytes of data
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Legally secret documents.
Which entities were affected by each incident ?
Incident : Data Breach MOS2154271023
Entity Name: Mossack Fonseca
Entity Type: Legal Firm
Industry: Legal
Location: Panama
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach MOS2154271023
Type of Data Compromised: Legally secret documents
Number of Records Exposed: 11.5 million files
Sensitivity of Data: High
References
Where can I find more information about each incident ?
Incident : Data Breach MOS2154271023
Source: Suddeutsche Zeitung
Incident : Data Breach MOS2154271023
Source: Channel 2 in Panama
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Suddeutsche Zeitung, and Source: Channel 2 in Panama.
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident was an Unknown.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were 11.5 million files and including 2.6 Terabytes of data.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were 11.5 million files and including 2.6 Terabytes of data.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 11.5M.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are Channel 2 in Panama and Suddeutsche Zeitung.
.png)
Latest Global CVEs (Not Company-Specific)
Description
A vulnerability was determined in motogadget mo.lock Ignition Lock up to 20251125. Affected by this vulnerability is an unknown functionality of the component NFC Handler. Executing manipulation can lead to use of hard-coded cryptographic key . The physical device can be targeted for the attack. A high complexity level is associated with this attack. The exploitation appears to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.
Risk Information
cvss2
Base: 1.2
Severity: HIGH
AV:L/AC:H/Au:N/C:P/I:N/A:N
cvss3
Base: 2.0
Severity: HIGH
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss4
Base: 1.0
Severity: HIGH
CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
OrangeHRM is a comprehensive human resource management (HRM) system. From version 5.0 to 5.7, the interview attachment retrieval endpoint in the Recruitment module serves files based solely on an authenticated session and user-supplied identifiers, without verifying whether the requester has permission to access the associated interview record. Because the server does not perform any recruitment-level authorization checks, an ESS-level user with no access to recruitment workflows can directly request interview attachment URLs and receive the corresponding files. This exposes confidential interview documents—including candidate CVs, evaluations, and supporting files—to unauthorized users. The issue arises from relying on predictable object identifiers and session presence rather than validating the user’s association with the relevant recruitment process. This issue has been patched in version 5.8.
Risk Information
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
OrangeHRM is a comprehensive human resource management (HRM) system. From version 5.0 to 5.7, the application’s recruitment attachment retrieval endpoint does not enforce the required authorization checks before serving candidate files. Even users restricted to ESS-level access, who have no permission to view the Recruitment module, can directly access candidate attachment URLs. When an authenticated request is made to the attachment endpoint, the system validates the session but does not confirm that the requesting user has the necessary recruitment permissions. As a result, any authenticated user can download CVs and other uploaded documents for arbitrary candidates by issuing direct requests to the attachment endpoint, leading to unauthorized exposure of sensitive applicant data. This issue has been patched in version 5.8.
Risk Information
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
OrangeHRM is a comprehensive human resource management (HRM) system. From version 5.0 to 5.7, the application does not invalidate existing sessions when a user is disabled or when a password change occurs, allowing active session cookies to remain valid indefinitely. As a result, a disabled user, or an attacker using a compromised account, can continue to access protected pages and perform operations as long as a prior session remains active. Because the server performs no session revocation or session-store cleanup during these critical state changes, disabling an account or updating credentials has no effect on already-established sessions. This makes administrative disable actions ineffective and allows unauthorized users to retain full access even after an account is closed or a password is reset, exposing the system to prolonged unauthorized use and significantly increasing the impact of account takeover scenarios. This issue has been patched in version 5.8.
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
OrangeHRM is a comprehensive human resource management (HRM) system. From version 5.0 to 5.7, the password reset workflow does not enforce that the username submitted in the final reset request matches the account for which the reset process was originally initiated. After obtaining a valid reset link for any account they can receive email for, an attacker can alter the username parameter in the final reset request to target a different user. Because the system accepts the supplied username without verification, the attacker can set a new password for any chosen account, including privileged accounts, resulting in full account takeover. This issue has been patched in version 5.8.
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=mossack-fonseca-&-co-' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
