NNOAA
Company Details
Linkedin ID:
noaa
Website:
Employees number:
11,338
Number of followers:
215,400
NAICS:
92
Industry Type:
Homepage:
noaa.gov
IP Addresses:
0
Company ID:
NOA_2165920
Scan Status:
In-progress
NOAA: National Oceanic & Atmospheric Administration Company CyberSecurity Posture
noaa.gov
Welcome! We're the National Oceanic & Atmospheric Administration or NOAA. From daily weather forecasts, severe storm warnings and climate monitoring to fisheries management, coastal restoration and supporting marine commerce, our products and services support economic vitality and affect more than one-third of America’s gross domestic product. NOAA’s dedicated scientists use cutting-edge research and high-tech instrumentation to provide citizens, planners, emergency managers and other decision makers with reliable information they need when they need it. *Looking for your official local weather forecast? Enter your zip code at www.weather.gov or mobile.weather.gov for mobile device users. *Interested in working for NOAA? Find job openings by typing "NOAA" in the search field at www.USAjobs.gov. Connect with us on social media: Twitter: @NOAA Facebook: www.facebook.com/noaa Instagram: www.instagram.com/noaa YouTube: www.youtube.com/noaa LinkedIn: www.linkedin.com/company/noaa For a list of NOAA's major social media channels by mission area, please visit www.noaa.gov/stay-connected
NOAA: National Oceanic & Atmospheric Administration A.I CyberSecurity Scoring
NNOAA Risk Score (AI oriented)Between 750 and 799
NNOAA
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
NNOAA Global Score (TPRM)XXXX
NNOAA
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
NNOAA Company CyberSecurity News & History
Past Incidents
1
Attack Types
1
NOAA: National Oceanic & Atmospheric Administration
Breach
Rankiteo Explanation
Attack threatening the organization’s existence
Description: A Russian-speaking black hat hacker known as Rasputin hacked the computer networks of over 60 institutions and US government entities, according to threat intelligence firm Recorded Future. Rasputin breaches target systems using SQL injection flaws, stealing confidential data that he then sells on underground marketplaces for crimes. Numerous US government entities, more than two dozen US universities, and ten UK universities were among the many victims of the Rasputins that Recorded Future researchers were able to identify. The Department of Housing and Urban Development, the National Oceanic and Atmospheric Administration, the Postal Regulatory Commission, and the Health Resources and Services Administration are among the organisations on the victim list.
NNOAA Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for NNOAA
Incidents vs Government Administration Industry Average (This Year)
No incidents recorded for NOAA: National Oceanic & Atmospheric Administration in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for NOAA: National Oceanic & Atmospheric Administration in 2025.
Incident Types NNOAA vs Government Administration Industry Avg (This Year)
No incidents recorded for NOAA: National Oceanic & Atmospheric Administration in 2025.
Incident History — NNOAA (X = Date, Y = Severity)
NNOAA cyber incidents detection timeline including parent company and subsidiaries
NNOAA Company Subsidiaries
Welcome! We're the National Oceanic & Atmospheric Administration or NOAA. From daily weather forecasts, severe storm warnings and climate monitoring to fisheries management, coastal restoration and supporting marine commerce, our products and services support economic vitality and affect more than one-third of America’s gross domestic product. NOAA’s dedicated scientists use cutting-edge research and high-tech instrumentation to provide citizens, planners, emergency managers and other decision makers with reliable information they need when they need it. *Looking for your official local weather forecast? Enter your zip code at www.weather.gov or mobile.weather.gov for mobile device users. *Interested in working for NOAA? Find job openings by typing "NOAA" in the search field at www.USAjobs.gov. Connect with us on social media: Twitter: @NOAA Facebook: www.facebook.com/noaa Instagram: www.instagram.com/noaa YouTube: www.youtube.com/noaa LinkedIn: www.linkedin.com/company/noaa For a list of NOAA's major social media channels by mission area, please visit www.noaa.gov/stay-connected
Loading...
NNOAA Similar Companies
Department of Health (Philippines)
The Philippine Department of Health (abbreviated as DOH; Filipino: Kagawaran ng Kalusugan) is the executive department of the Philippine government responsible for ensuring access to basic public health services by all Filipinos through the provision of quality health care and the regulation of all
Ministry of Environment and Urbanism
MINISTRY of ENVIRONMENT and URBANISM (MEU) MAIN SERVICE UNITS ================== 1) General Directorate of Construction Works 2) General Directorate of Spatial Planning 3) General Directorate of Environmental Management 4) General Directorate of EIA, Permits and Control 5) General Directo
UK Home Office
At the Home Office, we help to ensure that the country is safe and secure. We’ve been looking after UK citizens since 1782. We are responsible for: - working on the problems caused by illegal drug use - shaping the alcohol strategy, policy and licensing conditions - keeping the United Kingdom safe
City of Los Angeles
The City of Los Angeles employs more than 45,000 people in a wide range of careers. Visit our website for information on current openings, including regular civil service positions, exempt and emergency appointment opportunities, in addition to internships! The City of Los Angeles is a Mayor-Counci
Queensland Government
We are the largest and most diverse organisation in our state. We have more than 90 government departments and organisations providing essential services across 4000+ locations—from the Torres Strait to the Gold Coast; Mount Isa to Brisbane. We are passionate about making Queensland better through
Workingfor.be
Workingfor.be is the job platform of the federal administration. Here, you will find a wide variety of jobs in different fields of profession. Every day thousands of our employees help build tomorrow's society. When you choose the federal administration, you choose an employer who embraces you
IBGE
The Brazilian Institute of Geography and Statistics or IBGE (Portuguese: Instituto Brasileiro de Geografia e Estatística), is the agency responsible for statistical, geographic, cartographic, geodetic and environmental information in Brazil. The IBGE performs a national census every ten years, and t
State of Ohio
Employment with the State of Ohio is more than ‘just a job’ – it is a privilege to serve our families, friends and neighbors who rely on us throughout our great state. We are a team of dedicated public servants committed to high performance, innovative thinking, and delivering excellent and efficien
USDA
The United States Department of Agriculture is the United States federal executive department responsible for developing and executing U.S. federal government policy on farming, agriculture, and food. It aims to meet the needs of farmers and ranchers, promote agricultural trade and production, work
.png)
NNOAA CyberSecurity News
December 12, 2025 11:37 AM
NOAA keeps the Great Lakes great
I'll never forget the invasion of the zebra mussels. I remember walking on the beach at Lake Huron, not far from our family cottage,...
December 11, 2025 07:19 PM
NOAA Shares First Space Weather Data from SWFO-L1’s Magnetometer
The Magnetometer (MAG) onboard the Space Weather Follow On – Lagrange 1 (SWFO-L1) observatory is performing well and has begun sending...
December 11, 2025 07:13 PM
NOAA Shares First SWFO-L1 Space Weather Data from SWiPS
The Solar Wind Plasma Sensor (SWiPS) onboard the Space Weather Follow On – Lagrange 1 (SWFO-L1) observatory is now sending back data.
December 11, 2025 06:16 PM
La Niña likely for next month, NOAA says. Here’s what it means for winter weather
The climate phenomenon is expected to "continue for the next month or two," national forecasters said in an update Thursday.
December 11, 2025 04:11 PM
Inside the Storm: Meet the NOAA team behind hurricane research
Hurricanes are among some of the most destructive natural disasters and pose major risks to coastlines. Given warming oceans, increasing...
December 11, 2025 02:26 PM
Hurricane season 2025: NOS innovations in preparedness and response
The 2025 hurricane season has officially concluded, and NOS teams were there every step of the way, helping on the ground, from the sea,...
December 10, 2025 08:14 PM
NOAA predicts Elwha River will experience major flooding Wednesday afternoon
BY PEPPER FISHER. Clallam County – As the rain continues in our region, the National Oceanic and Atmospheric Administration (NOAA) on...
December 10, 2025 06:49 PM
NOAA, almanac predict warmer, drier winter for region
The forecast from The Old Farmer's Almanac largely lines up with that outlook for the region, which includes cities from Washington D.C. to...
December 10, 2025 05:49 PM
As NOAA funding lags, a critical ocean weather system nears a breaking point
Years of underfunding and new grant delays may force cutbacks on coastal weather and ocean monitoring that fishermen, forecasters,...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
NNOAA CyberSecurity History Information
Official Website of NOAA: National Oceanic & Atmospheric Administration
The official website of NOAA: National Oceanic & Atmospheric Administration is http://www.noaa.gov.
NOAA: National Oceanic & Atmospheric Administration’s AI-Generated Cybersecurity Score
According to Rankiteo, NOAA: National Oceanic & Atmospheric Administration’s AI-generated cybersecurity score is 777, reflecting their Fair security posture.
How many security badges does NOAA: National Oceanic & Atmospheric Administration’ have ?
According to Rankiteo, NOAA: National Oceanic & Atmospheric Administration currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does NOAA: National Oceanic & Atmospheric Administration have SOC 2 Type 1 certification ?
According to Rankiteo, NOAA: National Oceanic & Atmospheric Administration is not certified under SOC 2 Type 1.
Does NOAA: National Oceanic & Atmospheric Administration have SOC 2 Type 2 certification ?
According to Rankiteo, NOAA: National Oceanic & Atmospheric Administration does not hold a SOC 2 Type 2 certification.
Does NOAA: National Oceanic & Atmospheric Administration comply with GDPR ?
According to Rankiteo, NOAA: National Oceanic & Atmospheric Administration is not listed as GDPR compliant.
Does NOAA: National Oceanic & Atmospheric Administration have PCI DSS certification ?
According to Rankiteo, NOAA: National Oceanic & Atmospheric Administration does not currently maintain PCI DSS compliance.
Does NOAA: National Oceanic & Atmospheric Administration comply with HIPAA ?
According to Rankiteo, NOAA: National Oceanic & Atmospheric Administration is not compliant with HIPAA regulations.
Does NOAA: National Oceanic & Atmospheric Administration have ISO 27001 certification ?
According to Rankiteo,NOAA: National Oceanic & Atmospheric Administration is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of NOAA: National Oceanic & Atmospheric Administration
NOAA: National Oceanic & Atmospheric Administration operates primarily in the Government Administration industry.
Number of Employees at NOAA: National Oceanic & Atmospheric Administration
NOAA: National Oceanic & Atmospheric Administration employs approximately 11,338 people worldwide.
Subsidiaries Owned by NOAA: National Oceanic & Atmospheric Administration
NOAA: National Oceanic & Atmospheric Administration presently has no subsidiaries across any sectors.
NOAA: National Oceanic & Atmospheric Administration’s LinkedIn Followers
NOAA: National Oceanic & Atmospheric Administration’s official LinkedIn profile has approximately 215,400 followers.
NAICS Classification of NOAA: National Oceanic & Atmospheric Administration
NOAA: National Oceanic & Atmospheric Administration is classified under the NAICS code 92, which corresponds to Public Administration.
NOAA: National Oceanic & Atmospheric Administration’s Presence on Crunchbase
No, NOAA: National Oceanic & Atmospheric Administration does not have a profile on Crunchbase.
NOAA: National Oceanic & Atmospheric Administration’s Presence on LinkedIn
Yes, NOAA: National Oceanic & Atmospheric Administration maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/noaa.
Cybersecurity Incidents Involving NOAA: National Oceanic & Atmospheric Administration
As of December 19, 2025, Rankiteo reports that NOAA: National Oceanic & Atmospheric Administration has experienced 1 cybersecurity incidents.
Number of Peer and Competitor Companies
NOAA: National Oceanic & Atmospheric Administration has an estimated 11,744 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at NOAA: National Oceanic & Atmospheric Administration ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
Incident Details
Can you provide details on each incident ?
Title: Rasputin Cyber Attack on US and UK Institutions
Description: A Russian-speaking black hat hacker known as Rasputin hacked the computer networks of over 60 institutions and US government entities, according to threat intelligence firm Recorded Future. Rasputin breaches target systems using SQL injection flaws, stealing confidential data that he then sells on underground marketplaces for crimes. Numerous US government entities, more than two dozen US universities, and ten UK universities were among the many victims of the Rasputins that Recorded Future researchers were able to identify. The Department of Housing and Urban Development, the National Oceanic and Atmospheric Administration, the Postal Regulatory Commission, and the Health Resources and Services Administration are among the organisations on the victim list.
Type: Data Breach
Attack Vector: SQL Injection
Vulnerability Exploited: SQL Injection Flaws
Threat Actor: Rasputin
Motivation: Financial Gain
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through SQL Injection Flaws.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach NOA1313191123
Data Compromised: Confidential Data
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Confidential Data.
Which entities were affected by each incident ?
Incident : Data Breach NOA1313191123
Entity Name: Department of Housing and Urban Development
Entity Type: Government Entity
Industry: Government
Location: US
Incident : Data Breach NOA1313191123
Entity Name: National Oceanic and Atmospheric Administration
Entity Type: Government Entity
Industry: Government
Location: US
Incident : Data Breach NOA1313191123
Entity Name: Postal Regulatory Commission
Entity Type: Government Entity
Industry: Government
Location: US
Incident : Data Breach NOA1313191123
Entity Name: Health Resources and Services Administration
Entity Type: Government Entity
Industry: Government
Location: US
Incident : Data Breach NOA1313191123
Entity Name: More than two dozen US universities
Entity Type: Educational Institution
Industry: Education
Location: US
Incident : Data Breach NOA1313191123
Entity Name: Ten UK universities
Entity Type: Educational Institution
Industry: Education
Location: UK
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach NOA1313191123
Type of Data Compromised: Confidential Data
Data Exfiltration: Yes
References
Where can I find more information about each incident ?
Incident : Data Breach NOA1313191123
Source: Recorded Future
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Recorded Future.
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Data Breach NOA1313191123
Entry Point: SQL Injection Flaws
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident was an Rasputin.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident was Confidential Data.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach was Confidential Data.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident is Recorded Future.
Initial Access Broker
What was the most recent entry point used by an initial access broker ?
Most Recent Entry Point: The most recent entry point used by an initial access broker was an SQL Injection Flaws.
.png)
Latest Global CVEs (Not Company-Specific)
Description
Improper Authorization (CWE-285) in Kibana can lead to privilege escalation (CAPEC-233) by allowing an authenticated user to bypass intended permission restrictions via a crafted HTTP request. This allows an attacker who lacks the live queries - read permission to successfully retrieve the list of live queries.
Risk Information
cvss3
Base: 4.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Description
Weblate is a web based localization tool. In versions prior to 5.15.1, it was possible to overwrite Git configuration remotely and override some of its behavior. Version 5.15.1 fixes the issue.
Risk Information
cvss3
Base: 9.1
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Description
Allocation of Resources Without Limits or Throttling (CWE-770) in Elasticsearch can allow an authenticated user with snapshot restore privileges to cause Excessive Allocation (CAPEC-130) of memory and a denial of service (DoS) via crafted HTTP request.
Risk Information
cvss3
Base: 4.9
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Description
Allocation of Resources Without Limits or Throttling (CWE-770) in Kibana can allow a low-privileged authenticated user to cause Excessive Allocation (CAPEC-130) of computing resources and a denial of service (DoS) of the Kibana process via a crafted HTTP request.
Risk Information
cvss3
Base: 6.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Description
Improper neutralization of input during web page generation ('Cross-site Scripting') (CWE-79) allows an unauthenticated user to embed a malicious script in content that will be served to web browsers causing cross-site scripting (XSS) (CAPEC-63) via a vulnerability a function handler in the Vega AST evaluator.
Risk Information
cvss3
Base: 6.1
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=noaa' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
