PCD
Company Details
Linkedin ID:
parfums-christian-dior
Website:
Employees number:
8,441
Number of followers:
853,239
NAICS:
32562
Industry Type:
Homepage:
dior.com
IP Addresses:
0
Company ID:
PAR_2034784
Scan Status:
In-progress
Parfums Christian Dior Company CyberSecurity Posture
dior.com
Christian Dior described himself as a fashion and perfume designer. The House of Dior, founded in 1946, changed the face of style forever when its New Look was unveiled in the halls of 30 Avenue Montaigne on February 12th, 1947. The revolutionary look was accompanied by a fragrance, Miss Dior. This timeless perfume was the first fragrance created by a visionary brand which invented the concept of global beauty. The spirit of Dior is reflected in each of the House's products and in the care taken at every stage of their production. From Grasse to Paris to the Dior Gardens, Parfums Christian Dior enhances the most beautiful ingredients so that each of its creations helps shape its global aura. The House of Dior embodies passion, excellence, creativity, diversity, and collaboration. These values, so dear to the House, are at the heart of all Parfums Christian Dior’s activities. The Dior spirit is characterized by a professional environment of excellence where innovation and know-how have a primordial place. Day after day, all the Dior teams around the world are encouraged to be visionary, creative, audacious and agile. Thus, the House of Dior has always invested in employees to reveal their talent and personality, to build together, the Dior of tomorrow.
Parfums Christian Dior A.I CyberSecurity Scoring
PCD Risk Score (AI oriented)Between 600 and 649
PCD
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
PCD Global Score (TPRM)XXXX
PCD
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
PCD Company CyberSecurity News & History
Past Incidents
4
Attack Types
2
Dior
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: The House of Dior (Dior) experienced a data breach on January 26, 2025, which was discovered on May 7, 2025. The incident compromised personal information of U.S. customers, including full names, contact details, physical addresses, dates of birth, passport or government ID numbers, and Social Security Numbers. No payment details were compromised. Dior took steps to contain the incident and engaged law enforcement and third-party cybersecurity experts. Customers were advised to be vigilant against scams and offered a 24-month credit monitoring service.
Dior (Shanghai unit)
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: The Cyberspace Administration of China penalized **Dior’s Shanghai unit** for illegally transferring **customers' personal data** (names, gender, phone numbers, emails, mailing addresses, purchase history, and consumption preferences) to its **Paris headquarters without authorization, security assessments, or proper consent mechanisms**. The breach, detected on **May 7**, involved an **unauthorized external party accessing and exfiltrating the data**, prompting Dior to notify affected customers via warning messages on **May 12**. Investigations revealed **three key violations**: (1) **unauthorized cross-border data transfer** without mandatory security assessments or contractual safeguards, (2) **failure to inform customers** about data handling by the recipient (Paris HQ) or obtain explicit consent, and (3) **absence of critical security measures** like encryption and de-identification. The incident highlights systemic vulnerabilities in luxury brands’ **digital transformation efforts**, including **poor data governance, fragmented storage, and weak access controls**. While penalties remain undisclosed, the breach underscores **regulatory non-compliance** under China’s **Personal Information Protection Law (PIPL)** and risks **reputational damage, legal repercussions, and customer distrust**. The case mirrors broader industry trends, with peers like **Cartier and Louis Vuitton** facing similar breaches in 2024, signaling persistent gaps in **data protection frameworks** among high-profile brands.
Dior (Shanghai branch)
Breach
Rankiteo Explanation
Attack threatening the organization’s existence
Description: Dior’s Shanghai branch was fined for violating China’s cybersecurity regulations after transferring customer data to its French headquarters without adhering to mandatory security protocols. The incident involved unauthorized cross-border data transfer, lacking proper encryption, customer disclosure, or regulatory approvals. This breach exposed sensitive personal information, undermining compliance with China’s strict data localization and protection laws. The case highlights the government’s zero-tolerance stance on data mismanagement, particularly for multinational corporations operating in China. Authorities emphasized that such violations threaten national data security and social stability, reinforcing the urgency of the newly implemented *National Cybersecurity Incident Reporting Management Measures*. The financial and reputational fallout for Dior serves as a warning to other foreign entities about the critical need for adherence to China’s evolving cybersecurity framework, where non-compliance risks severe legal penalties and operational disruptions.
Dior
Cyber Attack
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: In February 2025, Dior’s **official Instagram account was hacked**, allowing attackers to post fraudulent content promoting a fake cryptocurrency called *‘Dior Official Coin’* via an external link. While many followers identified the scam early, some were deceived, resulting in **financial losses**. The breach exploited Dior’s high-profile status and customer trust, leveraging its luxury brand reputation to lend credibility to the fraudulent scheme. The incident highlights a broader trend in 2025 where **retail and luxury brands face escalating cyber threats**, particularly targeting **customer data** (e.g., purchase histories, preferences, contact details) for **psychological manipulation** in phishing attacks. Experts warn that such data—though non-financial—enables hyper-realistic scams, as attackers mimic brand communications to deceive victims. Dior’s case underscores the **reputational and financial risks** tied to social media compromises, where even temporary control of an account can erode customer trust and facilitate downstream fraud. The attack aligns with a **56% spike in retail cybercrime** (per KnowBe4), driven by **phishing and AI-enhanced tactics**, with the average retail breach costing **$3.48 million** in 2024. While Dior’s parent company, LVMH, is investing in cybersecurity (e.g., partnerships with Google Cloud), the incident demonstrates how **minor vulnerabilities**—such as social media account security—can be exploited for high-impact fraud.
PCD Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for PCD
Incidents vs Personal Care Product Manufacturing Industry Average (This Year)
Parfums Christian Dior has 300.0% more incidents than the average of same-industry companies with at least one recorded incident.
Incidents vs All-Companies Average (This Year)
Parfums Christian Dior has 212.5% more incidents than the average of all companies with at least one recorded incident.
Incident Types PCD vs Personal Care Product Manufacturing Industry Avg (This Year)
Parfums Christian Dior reported 2 incidents this year: 0 cyber attacks, 0 ransomware, 0 vulnerabilities, 2 data breaches, compared to industry peers with at least 1 incident.
Incident History — PCD (X = Date, Y = Severity)
PCD cyber incidents detection timeline including parent company and subsidiaries
PCD Company Subsidiaries
Christian Dior described himself as a fashion and perfume designer. The House of Dior, founded in 1946, changed the face of style forever when its New Look was unveiled in the halls of 30 Avenue Montaigne on February 12th, 1947. The revolutionary look was accompanied by a fragrance, Miss Dior. This timeless perfume was the first fragrance created by a visionary brand which invented the concept of global beauty. The spirit of Dior is reflected in each of the House's products and in the care taken at every stage of their production. From Grasse to Paris to the Dior Gardens, Parfums Christian Dior enhances the most beautiful ingredients so that each of its creations helps shape its global aura. The House of Dior embodies passion, excellence, creativity, diversity, and collaboration. These values, so dear to the House, are at the heart of all Parfums Christian Dior’s activities. The Dior spirit is characterized by a professional environment of excellence where innovation and know-how have a primordial place. Day after day, all the Dior teams around the world are encouraged to be visionary, creative, audacious and agile. Thus, the House of Dior has always invested in employees to reveal their talent and personality, to build together, the Dior of tomorrow.
Loading...
PCD Similar Companies
Kenvue is the world’s largest pure-play consumer health company by revenue. Built on more than a century of heritage and propelled forward by science, our iconic brands — including Aveeno®, BAND-AID® Brand Adhesive Bandages, Johnson’s®, Listerine®, Neutrogena®, Tylenol® and Zyrtec® — are recommended
Coty
Since 1904, Coty has fearlessly pioneered innovation across the beauty industry. We have a reputation for breaking new ground; a history of ‘firsts’ and ‘bests’ that has laid the foundation for the industry as we know it today. For over a century, our brands have been empowering people to express t
Grupo Boticário
Beleza é o negócio do Grupo Boticário. Para nós, ela se traduz em nossas quatro unidades de negócio com atuação no setor cosmético: O Boticário, Eudora, quem disse, berenice? e The Beauty Box. A beleza também está no empreendedorismo, na sustentabilidade, inovação, ética e integridade que inspiram n
O Boticário
A beleza transforma, encanta, conquista e também pode ser conquistada. Eis o ideal de beleza que O Boticário multiplica com seus produtos, lojas e em sua relação com o público. Desde 1977, O Boticário soma inspiração, ousadia, inovação e qualidade, despertando o respeito do mercado, a confiança dos
Martina Berto
We are one of leading beauty companies in Indonesia, founded by Dr. (H.C) Martha Tilaar in 1970. Employing over 4,000 employees, our company divided into three business classifications, manufacturing and Marketing, Distribution, and Service. Our teams are creating innovation and best quality in beau
Natura
Founded in 1969, Natura is a Brazilian multinational in the cosmetics and personal care segment, a leader in direct sales in Brazil, and recognized for protecting the Amazon social biodiversity through its sustainable business model. Cruelty free. 100% vegan. With 7,000 employees and 2 million beaut
The Estée Lauder Companies Inc.
The Estée Lauder Companies Inc. is one of the world’s leading manufacturers, marketers, and sellers of quality skin care, makeup, fragrance, and hair care products, and is a steward of outstanding luxury and prestige brands globally. The company’s products are sold in approximately 150 countries and
L'Oréal
No.1 Beauty Group Worldwide. No.1 most innovative company in Europe (Fortune's ranking). We are 90K employees across 150 countries on five continents, united by our shared purpose: creating the beauty that moves the world. Our 37 international brands are divided into four unique Divisions: Luxe,
Avon
Think you know Avon? Think again. We’ve been doing beauty differently for 135 years. Pioneering in listening to women’s needs and speaking out for them. Standing for what matters to them. Supporting their endeavours. We’re a company that connects people through beauty, sharing passion, innovati
.png)
PCD CyberSecurity News
August 04, 2021 07:00 AM
Inside Christian Dior’s Château De La Colle Noire, An Invitation-Only Gem In Provence
Located in Provence and just north of Nice at Montauroux in Grasse, the château sits in an area where fragrance is in the air and beauty lies all around.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
PCD CyberSecurity History Information
Official Website of Parfums Christian Dior
The official website of Parfums Christian Dior is http://www.dior.com.
Parfums Christian Dior’s AI-Generated Cybersecurity Score
According to Rankiteo, Parfums Christian Dior’s AI-generated cybersecurity score is 605, reflecting their Poor security posture.
How many security badges does Parfums Christian Dior’ have ?
According to Rankiteo, Parfums Christian Dior currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Parfums Christian Dior have SOC 2 Type 1 certification ?
According to Rankiteo, Parfums Christian Dior is not certified under SOC 2 Type 1.
Does Parfums Christian Dior have SOC 2 Type 2 certification ?
According to Rankiteo, Parfums Christian Dior does not hold a SOC 2 Type 2 certification.
Does Parfums Christian Dior comply with GDPR ?
According to Rankiteo, Parfums Christian Dior is not listed as GDPR compliant.
Does Parfums Christian Dior have PCI DSS certification ?
According to Rankiteo, Parfums Christian Dior does not currently maintain PCI DSS compliance.
Does Parfums Christian Dior comply with HIPAA ?
According to Rankiteo, Parfums Christian Dior is not compliant with HIPAA regulations.
Does Parfums Christian Dior have ISO 27001 certification ?
According to Rankiteo,Parfums Christian Dior is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Parfums Christian Dior
Parfums Christian Dior operates primarily in the Personal Care Product Manufacturing industry.
Number of Employees at Parfums Christian Dior
Parfums Christian Dior employs approximately 8,441 people worldwide.
Subsidiaries Owned by Parfums Christian Dior
Parfums Christian Dior presently has no subsidiaries across any sectors.
Parfums Christian Dior’s LinkedIn Followers
Parfums Christian Dior’s official LinkedIn profile has approximately 853,239 followers.
NAICS Classification of Parfums Christian Dior
Parfums Christian Dior is classified under the NAICS code 32562, which corresponds to Toilet Preparation Manufacturing.
Parfums Christian Dior’s Presence on Crunchbase
No, Parfums Christian Dior does not have a profile on Crunchbase.
Parfums Christian Dior’s Presence on LinkedIn
Yes, Parfums Christian Dior maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/parfums-christian-dior.
Cybersecurity Incidents Involving Parfums Christian Dior
As of November 27, 2025, Rankiteo reports that Parfums Christian Dior has experienced 4 cybersecurity incidents.
Number of Peer and Competitor Companies
Parfums Christian Dior has an estimated 1,619 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Parfums Christian Dior ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach and Cyber Attack.
What was the total financial impact of these incidents on Parfums Christian Dior ?
Total Financial Loss: The total financial loss from these incidents is estimated to be $3.48 million.
How does Parfums Christian Dior detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an containment measures with prompt steps taken to contain the incident, and communication strategy with data breach notifications sent to affected customers, and third party assistance with lvmh partnered with google cloud for cybersecurity enhancements, and remediation measures with investment in cybersecurity (e.g., lvmh), remediation measures with data inventory checks (recommended by huntress), remediation measures with encryption of data at rest, remediation measures with tokenization of payment information, and incident response plan activated with mandatory for all network operators, incident response plan activated with must include real-time reporting capabilities, and law enforcement notified with state council’s public security department (for 'particularly serious' incidents), and containment measures with immediate reporting (≤60/30 minutes), containment measures with detailed initial damage assessment, and remediation measures with final report within 30 days with root causes and lessons learned, and recovery measures with government assistance if requested, and communication strategy with multiple reporting channels: hotline (12387), website, wechat, email, and enhanced monitoring with mandatory real-time monitoring upgrades for compliance, and incident response plan activated with yes (customers notified via text messages on may 12, 2024), and law enforcement notified with yes (investigated by chinese cyber police), and communication strategy with customer notifications via text messages..
Incident Details
Can you provide details on each incident ?
Title: Dior Data Breach Incident
Description: The House of Dior (Dior) experienced a data breach where personal information of U.S. customers was compromised. The incident occurred on January 26, 2025, but was detected on May 7, 2025. The breach involved unauthorized access to a Dior database containing sensitive customer information.
Date Detected: 2025-05-07
Type: Data Breach
Attack Vector: Database Compromise
Threat Actor: ShinyHunters extortion group
Motivation: Data Theft
Title: Wave of Cyberattacks Targeting Retail and Luxury Brands in 2025
Description: A series of high-profile cyberattacks in the first half of 2025 targeted major retail and luxury brands, including M&S, Co-op, Adidas, The North Face, Harrods, Louis Vuitton, Chanel, and Dior. Customer data was stolen, and system outages disrupted operations. Attackers exploited valuable customer data beyond financial information, leveraging purchase histories, personal details, and preferences for phishing and psychological targeting. Dior’s Instagram account was hacked in February, promoting a fake cryptocurrency scam ('Dior Official Coin'). LVMH reported a sharp increase in cybercrime, investing in cybersecurity partnerships with Google Cloud. Retail cyberattacks surged by 56%, driven by phishing and AI, with the average breach cost reaching $3.48 million in 2024 (up 18% from 2023).
Date Publicly Disclosed: 2025-01-01T00:00:00Z
Type: Data Breach
Attack Vector: PhishingAI-driven AttacksExploitation of Weak System FlawsSocial Media Account Compromise (Instagram)Supply Chain Vulnerabilities (e.g., vendor PoS systems)
Vulnerability Exploited: Unknown system flaws in retail/luxury brand infrastructureWeak authentication (Dior Instagram)Third-party vendor vulnerabilities (historical reference: Target 2013 breach)
Motivation: Financial Gain (e.g., fake cryptocurrency scam)Data Theft for Psychological Targeting/PhishingExploitation of Customer Profiles for Secondary Attacks
Title: Implementation of China's National Cybersecurity Incident Reporting Management Measures
Description: From November 1, China will enforce one of the strictest cybersecurity regulations globally, requiring network operators to report serious incidents within 60 minutes (or 30 minutes for 'particularly serious' cases). The measures categorize incidents into four severity levels, mandate detailed initial and final reports, and impose severe penalties for non-compliance. This follows a high-profile fine on Dior's Shanghai branch for unauthorized data transfers, underscoring China's emphasis on data protection as a national priority.
Date Publicly Disclosed: 2023-11-01
Type: Regulatory Compliance
Motivation: National Security, Social Stability, Data Sovereignty, Economic Protection
Title: Dior Shanghai Data Breach and Unauthorized Data Transfer to France
Description: The Cyberspace Administration of China (CAC) penalized Dior's Shanghai unit for illegally transferring customer personal data to its Paris headquarters without authorization, failing to implement required safeguards, and suffering a data breach in May 2024. The breach exposed customer data, including names, contact details, purchase history, and consumption preferences. Dior did not conduct a security assessment, obtain consent, or encrypt the data properly. Penalties are pending disclosure.
Date Detected: 2024-05-07
Date Publicly Disclosed: 2024-05-12
Type: Data Breach
Vulnerability Exploited: Lack of Data EncryptionInsufficient Access ControlsImproper Data Transfer Protocols
Threat Actor: Unauthorized External Party
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach PAR711072225
Data Compromised: Full names, Contact details, Physical address, Date of birth, Passport or government id number (in some cases), Social security number (in some cases)
Identity Theft Risk: High
Payment Information Risk: Low
Incident : Data Breach PAR517090325
Financial Loss: $3.48 million (average per breach in 2024, 18% increase from 2023)
Downtime: True
Operational Impact: Disruption of daily operations across multiple brands
Brand Reputation Impact: High (luxury brands like Dior, LVMH, Chanel targeted; erosion of trust)
Identity Theft Risk: High (customer profiles, preferences, and contact info exposed)
Payment Information Risk: Partial (e.g., last 4 digits of credit cards in JD Sports 2023 breach)
Incident : Regulatory Compliance PAR3532535092325
Operational Impact: Mandatory real-time monitoring upgradesRapid decision-making compliance teamsIncreased legal/regulatory scrutiny
Brand Reputation Impact: Potential reputational damage for non-compliant organizationsIncreased public trust in cybersecurity transparency
Legal Liabilities: Severe penalties for delayed/omitted/falsified reportsFines for unauthorized data transfers (e.g., Dior case)
Incident : Data Breach PAR0952609100225
Data Compromised: Names, Gender, Phone numbers, Email addresses, Mailing addresses, Purchase history, Consumption preferences
Customer Complaints: Multiple customers received warning text messages (May 12, 2024)
Brand Reputation Impact: Potential reputational damage due to regulatory violations and breach disclosure
Legal Liabilities: Administrative penalty imposed by Cyberspace Administration of China (specific fines undisclosed)
Identity Theft Risk: High (personal data exposed)
What is the average financial loss per incident ?
Average Financial Loss: The average financial loss per incident is $870.00 thousand.
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Full Names, Contact Details, Physical Address, Date Of Birth, Passport Or Government Id Number (In Some Cases), Social Security Number (In Some Cases), , Customer Profiles, Purchase Histories, Contact Information, Preferences, Partial Payment Data (E.G., Last 4 Digits Of Credit Cards), Personally Identifiable Information (Pii), , Sensitive Data Threatening National Security, Personal Information (>100M Citizens), Dior Case: Customer Data (Unauthorized Transfer), , Personal Identifiable Information (Pii), Purchase History, Consumer Preferences and .
Which entities were affected by each incident ?
Incident : Data Breach PAR711072225
Entity Name: Dior
Entity Type: Luxury Fashion House
Industry: Fashion
Location: Worldwide
Size: Large
Incident : Data Breach PAR517090325
Entity Name: Marks & Spencer (M&S)
Entity Type: Retailer
Industry: Retail
Location: United Kingdom
Incident : Data Breach PAR517090325
Entity Name: Co-op
Entity Type: Retailer
Industry: Retail
Location: United Kingdom
Incident : Data Breach PAR517090325
Entity Name: Adidas
Entity Type: Retailer
Industry: Apparel
Location: Global (HQ: Germany)
Incident : Data Breach PAR517090325
Entity Name: The North Face
Entity Type: Retailer
Industry: Apparel
Location: Global (HQ: USA)
Incident : Data Breach PAR517090325
Entity Name: Harrods
Entity Type: Luxury Retailer
Industry: Retail
Location: United Kingdom
Incident : Data Breach PAR517090325
Entity Name: Louis Vuitton (LVMH)
Entity Type: Luxury Brand
Industry: Fashion
Location: Global (HQ: France)
Incident : Data Breach PAR517090325
Entity Name: Chanel
Entity Type: Luxury Brand
Industry: Fashion
Location: Global (HQ: France)
Incident : Data Breach PAR517090325
Entity Name: Dior (LVMH)
Entity Type: Luxury Brand
Industry: Fashion
Location: Global (HQ: France)
Incident : Regulatory Compliance PAR3532535092325
Entity Name: Network Operators in China (Broad Definition)
Entity Type: Private Companies, Government Agencies, Financial Institutions, Online Platforms
Industry: Technology, Finance, Government, Media, E-Commerce, Telecommunications
Location: China
Size: All sizes (from SMEs to multinational corporations)
Incident : Regulatory Compliance PAR3532535092325
Entity Name: Dior Shanghai
Entity Type: Subsidiary
Industry: Luxury Retail
Location: Shanghai, China
Size: Large Enterprise
Customers Affected: Customer data transferred without authorization (scale undisclosed)
Incident : Data Breach PAR0952609100225
Entity Name: Dior Shanghai (LVMH)
Entity Type: Subsidiary
Industry: Luxury Retail
Location: Shanghai, China
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach PAR711072225
Incident Response Plan Activated: True
Containment Measures: Prompt steps taken to contain the incident
Communication Strategy: Data breach notifications sent to affected customers
Incident : Data Breach PAR517090325
Third Party Assistance: LVMH partnered with Google Cloud for cybersecurity enhancements
Remediation Measures: Investment in cybersecurity (e.g., LVMH)Data inventory checks (recommended by Huntress)Encryption of data at restTokenization of payment information
Incident : Regulatory Compliance PAR3532535092325
Incident Response Plan Activated: ['Mandatory for all network operators', 'Must include real-time reporting capabilities']
Law Enforcement Notified: State Council’s Public Security Department (for 'particularly serious' incidents),
Containment Measures: Immediate reporting (≤60/30 minutes)Detailed initial damage assessment
Remediation Measures: Final report within 30 days with root causes and lessons learned
Recovery Measures: Government assistance if requested
Communication Strategy: Multiple reporting channels: hotline (12387), website, WeChat, email
Enhanced Monitoring: Mandatory real-time monitoring upgrades for compliance
Incident : Data Breach PAR0952609100225
Incident Response Plan Activated: Yes (customers notified via text messages on May 12, 2024)
Law Enforcement Notified: Yes (investigated by Chinese cyber police)
Communication Strategy: Customer notifications via text messages
What is the company's incident response plan?
Incident Response Plan: The company's incident response plan is described as Mandatory for all network operators, Must include real-time reporting capabilities, , Yes (customers notified via text messages on May 12, 2024).
How does the company involve third-party assistance in incident response ?
Third-Party Assistance: The company involves third-party assistance in incident response through LVMH partnered with Google Cloud for cybersecurity enhancements.
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach PAR711072225
Type of Data Compromised: Full names, Contact details, Physical address, Date of birth, Passport or government id number (in some cases), Social security number (in some cases)
Sensitivity of Data: High
Incident : Data Breach PAR517090325
Type of Data Compromised: Customer profiles, Purchase histories, Contact information, Preferences, Partial payment data (e.g., last 4 digits of credit cards), Personally identifiable information (pii)
Sensitivity of Data: High (includes psychological targeting data)
Incident : Regulatory Compliance PAR3532535092325
Type of Data Compromised: Sensitive data threatening national security, Personal information (>100m citizens), Dior case: customer data (unauthorized transfer)
Number of Records Exposed: >100,000,000 (for 'particularly serious' incidents), Undisclosed (Dior case)
Sensitivity of Data: High (national security)High (personal data)Medium (Dior customer data)
Data Exfiltration: Dior case: Data transferred to France without encryption/checks
Data Encryption: ['Dior case: Lack of required encryption']
Personally Identifiable Information: Yes (for incidents involving >100M citizens)
Incident : Data Breach PAR0952609100225
Type of Data Compromised: Personal identifiable information (pii), Purchase history, Consumer preferences
Sensitivity of Data: High
Data Exfiltration: Yes (by unauthorized external party)
Data Encryption: No (failed to implement encryption)
Personally Identifiable Information: Yes (names, phone numbers, email addresses, mailing addresses)
What measures does the company take to prevent data exfiltration ?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Investment in cybersecurity (e.g., LVMH), Data inventory checks (recommended by Huntress), Encryption of data at rest, Tokenization of payment information, , Final report within 30 days with root causes and lessons learned, .
How does the company handle incidents involving personally identifiable information (PII) ?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by prompt steps taken to contain the incident, immediate reporting (≤60/30 minutes), detailed initial damage assessment and .
Ransomware Information
How does the company recover data encrypted by ransomware ?
Data Recovery from Ransomware: The company recovers data encrypted by ransomware through Government assistance if requested, .
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : Regulatory Compliance PAR3532535092325
Regulations Violated: National Cybersecurity Incident Reporting Management Measures (effective Nov 1, 2023), Data Localization Laws (Dior case),
Fines Imposed: ['Dior Shanghai: Undisclosed fine for unauthorized data transfer']
Legal Actions: Potential legal penalties for delayed/omitted/falsified reports,
Regulatory Notifications: Mandatory notifications to CAC and Public Security Department
Incident : Data Breach PAR0952609100225
Regulations Violated: China's Personal Information Protection Law (PIPL) - Unauthorized cross-border data transfer, Failure to conduct security assessment for data export, Lack of standard contract for data export, No personal information protection certification, Failure to inform customers or obtain consent for data transfer, Insufficient data encryption and de-identification,
Fines Imposed: Pending disclosure
Legal Actions: Administrative penalty by Cyberspace Administration of China
Regulatory Notifications: Yes (investigation announced by Chinese cyber police on September 9, 2024)
How does the company ensure compliance with regulatory requirements ?
Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through Potential legal penalties for delayed/omitted/falsified reports, , Administrative penalty by Cyberspace Administration of China.
Lessons Learned and Recommendations
What lessons were learned from each incident ?
Incident : Data Breach PAR517090325
Lessons Learned: Cybercriminals target non-financial customer data (e.g., preferences, purchase history) for psychological exploitation., Luxury brands are high-value targets due to the sensitivity of customer profiles., Phishing and AI-driven attacks are primary vectors in retail breaches., Early detection and incident response planning are critical to mitigating impact., Third-party vulnerabilities (e.g., vendors) remain a significant risk.
Incident : Regulatory Compliance PAR3532535092325
Lessons Learned: Speed and transparency in incident reporting are critical under China's framework., Data sovereignty and localization are non-negotiable for multinational operations., Real-time monitoring and compliance teams are essential for adherence to strict deadlines., Cross-border data transfers require explicit security checks and encryption.
Incident : Data Breach PAR0952609100225
Lessons Learned: Luxury brands must prioritize data localization and compliance with regional regulations (e.g., China's PIPL)., Cross-border data transfers require security assessments, contracts, and customer consent., Data encryption and de-identification are critical for protecting customer information., Scattered or poorly classified customer data increases breach risks and complicates security measures.
What recommendations were made to prevent future incidents ?
Incident : Data Breach PAR517090325
Recommendations: Conduct data inventory checks to identify and secure sensitive information., Review legal obligations for payment data and PII handling., Develop and regularly test incident response plans with tabletop exercises., Implement managed detection and response (MDR) services., Encrypt data at rest and tokenize payment information., Strengthen authentication for social media and high-value accounts (e.g., Dior Instagram)., Monitor dark web for stolen data and backdoor establishments.Conduct data inventory checks to identify and secure sensitive information., Review legal obligations for payment data and PII handling., Develop and regularly test incident response plans with tabletop exercises., Implement managed detection and response (MDR) services., Encrypt data at rest and tokenize payment information., Strengthen authentication for social media and high-value accounts (e.g., Dior Instagram)., Monitor dark web for stolen data and backdoor establishments.Conduct data inventory checks to identify and secure sensitive information., Review legal obligations for payment data and PII handling., Develop and regularly test incident response plans with tabletop exercises., Implement managed detection and response (MDR) services., Encrypt data at rest and tokenize payment information., Strengthen authentication for social media and high-value accounts (e.g., Dior Instagram)., Monitor dark web for stolen data and backdoor establishments.Conduct data inventory checks to identify and secure sensitive information., Review legal obligations for payment data and PII handling., Develop and regularly test incident response plans with tabletop exercises., Implement managed detection and response (MDR) services., Encrypt data at rest and tokenize payment information., Strengthen authentication for social media and high-value accounts (e.g., Dior Instagram)., Monitor dark web for stolen data and backdoor establishments.Conduct data inventory checks to identify and secure sensitive information., Review legal obligations for payment data and PII handling., Develop and regularly test incident response plans with tabletop exercises., Implement managed detection and response (MDR) services., Encrypt data at rest and tokenize payment information., Strengthen authentication for social media and high-value accounts (e.g., Dior Instagram)., Monitor dark web for stolen data and backdoor establishments.Conduct data inventory checks to identify and secure sensitive information., Review legal obligations for payment data and PII handling., Develop and regularly test incident response plans with tabletop exercises., Implement managed detection and response (MDR) services., Encrypt data at rest and tokenize payment information., Strengthen authentication for social media and high-value accounts (e.g., Dior Instagram)., Monitor dark web for stolen data and backdoor establishments.Conduct data inventory checks to identify and secure sensitive information., Review legal obligations for payment data and PII handling., Develop and regularly test incident response plans with tabletop exercises., Implement managed detection and response (MDR) services., Encrypt data at rest and tokenize payment information., Strengthen authentication for social media and high-value accounts (e.g., Dior Instagram)., Monitor dark web for stolen data and backdoor establishments.
Incident : Regulatory Compliance PAR3532535092325
Recommendations: Implement automated incident detection and reporting systems to meet 30/60-minute deadlines., Establish dedicated compliance teams with legal and technical expertise., Conduct regular audits of data transfer practices to avoid violations like Dior's case., Leverage China's multiple reporting channels (hotline, WeChat, etc.) for redundancy., Prioritize encryption and access controls for sensitive/personal data.Implement automated incident detection and reporting systems to meet 30/60-minute deadlines., Establish dedicated compliance teams with legal and technical expertise., Conduct regular audits of data transfer practices to avoid violations like Dior's case., Leverage China's multiple reporting channels (hotline, WeChat, etc.) for redundancy., Prioritize encryption and access controls for sensitive/personal data.Implement automated incident detection and reporting systems to meet 30/60-minute deadlines., Establish dedicated compliance teams with legal and technical expertise., Conduct regular audits of data transfer practices to avoid violations like Dior's case., Leverage China's multiple reporting channels (hotline, WeChat, etc.) for redundancy., Prioritize encryption and access controls for sensitive/personal data.Implement automated incident detection and reporting systems to meet 30/60-minute deadlines., Establish dedicated compliance teams with legal and technical expertise., Conduct regular audits of data transfer practices to avoid violations like Dior's case., Leverage China's multiple reporting channels (hotline, WeChat, etc.) for redundancy., Prioritize encryption and access controls for sensitive/personal data.Implement automated incident detection and reporting systems to meet 30/60-minute deadlines., Establish dedicated compliance teams with legal and technical expertise., Conduct regular audits of data transfer practices to avoid violations like Dior's case., Leverage China's multiple reporting channels (hotline, WeChat, etc.) for redundancy., Prioritize encryption and access controls for sensitive/personal data.
Incident : Data Breach PAR0952609100225
Recommendations: Implement unified, tiered data security frameworks with dynamic risk controls., Conduct regular security audits and compliance checks for cross-border data flows., Enhance customer data protection with encryption, access controls, and anonymization., Establish clear protocols for breach disclosure and regulatory reporting., Train employees on data handling best practices and regulatory requirements.Implement unified, tiered data security frameworks with dynamic risk controls., Conduct regular security audits and compliance checks for cross-border data flows., Enhance customer data protection with encryption, access controls, and anonymization., Establish clear protocols for breach disclosure and regulatory reporting., Train employees on data handling best practices and regulatory requirements.Implement unified, tiered data security frameworks with dynamic risk controls., Conduct regular security audits and compliance checks for cross-border data flows., Enhance customer data protection with encryption, access controls, and anonymization., Establish clear protocols for breach disclosure and regulatory reporting., Train employees on data handling best practices and regulatory requirements.Implement unified, tiered data security frameworks with dynamic risk controls., Conduct regular security audits and compliance checks for cross-border data flows., Enhance customer data protection with encryption, access controls, and anonymization., Establish clear protocols for breach disclosure and regulatory reporting., Train employees on data handling best practices and regulatory requirements.Implement unified, tiered data security frameworks with dynamic risk controls., Conduct regular security audits and compliance checks for cross-border data flows., Enhance customer data protection with encryption, access controls, and anonymization., Establish clear protocols for breach disclosure and regulatory reporting., Train employees on data handling best practices and regulatory requirements.
What are the key lessons learned from past incidents ?
Key Lessons Learned: The key lessons learned from past incidents are Cybercriminals target non-financial customer data (e.g., preferences, purchase history) for psychological exploitation.,Luxury brands are high-value targets due to the sensitivity of customer profiles.,Phishing and AI-driven attacks are primary vectors in retail breaches.,Early detection and incident response planning are critical to mitigating impact.,Third-party vulnerabilities (e.g., vendors) remain a significant risk.Speed and transparency in incident reporting are critical under China's framework.,Data sovereignty and localization are non-negotiable for multinational operations.,Real-time monitoring and compliance teams are essential for adherence to strict deadlines.,Cross-border data transfers require explicit security checks and encryption.Luxury brands must prioritize data localization and compliance with regional regulations (e.g., China's PIPL).,Cross-border data transfers require security assessments, contracts, and customer consent.,Data encryption and de-identification are critical for protecting customer information.,Scattered or poorly classified customer data increases breach risks and complicates security measures.
References
Where can I find more information about each incident ?
Incident : Data Breach PAR711072225
Source: BleepingComputer
Incident : Data Breach PAR517090325
Source: WWD (Women's Wear Daily)
Incident : Data Breach PAR517090325
Source: Oxylabs (Julius Cerniauskas, CEO)
Incident : Data Breach PAR517090325
Source: NordVPN (Marijus Briedis, CTO)
Incident : Data Breach PAR517090325
Source: KnowBe4 Report (March 2025)
Incident : Data Breach PAR517090325
Source: Huntress (Michael Tigges, Senior Security Analyst)
Incident : Data Breach PAR517090325
Source: Historical References: Yahoo (2013–2014), Target (2013), VF Corp (2023), JD Sports (2023)
Incident : Regulatory Compliance PAR3532535092325
Source: Cyberspace Administration of China (CAC)
Incident : Regulatory Compliance PAR3532535092325
Source: Dior Shanghai Fine Case
Incident : Data Breach PAR0952609100225
Source: Cyberspace Administration of China (CAC) Announcement
Date Accessed: 2024-09-09
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: BleepingComputer, and Source: WWD (Women's Wear Daily), and Source: Oxylabs (Julius Cerniauskas, CEO), and Source: NordVPN (Marijus Briedis, CTO), and Source: KnowBe4 Report (March 2025), and Source: Huntress (Michael Tigges, Senior Security Analyst), and Source: Historical References: Yahoo (2013–2014), Target (2013), VF Corp (2023), JD Sports (2023), and Source: Cyberspace Administration of China (CAC), and Source: Dior Shanghai Fine Case, and Source: Yicai GlobalDate Accessed: 2024-09-10, and Source: Cyberspace Administration of China (CAC) AnnouncementDate Accessed: 2024-09-09.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Data Breach PAR711072225
Investigation Status: Ongoing
Incident : Data Breach PAR517090325
Investigation Status: Ongoing (per LVMH and industry reports)
Incident : Regulatory Compliance PAR3532535092325
Investigation Status: Ongoing (regulatory framework enforcement begins Nov 1, 2023)
Incident : Data Breach PAR0952609100225
Investigation Status: Completed (regulatory investigation concluded; penalties pending)
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Data breach notifications sent to affected customers, Multiple Reporting Channels: Hotline (12387), Website, Wechat, Email and Customer notifications via text messages.
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : Data Breach PAR711072225
Customer Advisories: Remain vigilant for scams and phishing attempts, monitor financial accounts, enroll in 24-month credit monitoring and identity theft protection
Incident : Regulatory Compliance PAR3532535092325
Stakeholder Advisories: All Network Operators Must Prepare For Strict Compliance By November 1, 2023.
Customer Advisories: Increased transparency in breach notifications may improve public trust
Incident : Data Breach PAR0952609100225
Customer Advisories: Warning text messages sent to affected customers on May 12, 2024
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: were Remain vigilant for scams and phishing attempts, monitor financial accounts, enroll in 24-month credit monitoring and identity theft protection, All Network Operators Must Prepare For Strict Compliance By November 1, 2023, Increased Transparency In Breach Notifications May Improve Public Trust, , Warning text messages sent to affected customers on May 12 and 2024.
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Data Breach PAR517090325
High Value Targets: Luxury Brand Customer Databases, Social Media Accounts (E.G., Dior Instagram), Third-Party Vendor Systems,
Data Sold on Dark Web: Luxury Brand Customer Databases, Social Media Accounts (E.G., Dior Instagram), Third-Party Vendor Systems,
Incident : Data Breach PAR0952609100225
High Value Targets: Customer Pii, Purchase History,
Data Sold on Dark Web: Customer Pii, Purchase History,
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Data Breach PAR517090325
Root Causes: Exploitation Of System Flaws (Even Minor Ones), Insufficient Authentication For High-Value Accounts (E.G., Social Media), Lack Of Proactive Threat Detection For Phishing/Ai-Driven Attacks, Third-Party Vendor Vulnerabilities,
Corrective Actions: Enhanced Cybersecurity Investments (E.G., Lvmh-Google Cloud Partnership), Regular Incident Response Drills, Data Encryption And Tokenization, Dark Web Monitoring For Stolen Data,
Incident : Regulatory Compliance PAR3532535092325
Root Causes: Historical Lack Of Standardized Incident Reporting In China, Increasing Cyber Threats To National Security And Economic Stability, Gaps In Cross-Border Data Transfer Controls (E.G., Dior Case),
Corrective Actions: Legally Binding Reporting Deadlines (30/60 Minutes), Expanded Definition Of 'Network Operators' To Close Compliance Gaps, Multi-Channel Reporting To Eliminate Procedural Excuses, Mandatory 30-Day Final Reports With Accountability Measures,
Incident : Data Breach PAR0952609100225
Root Causes: Lack Of Compliance With China'S Data Export Regulations (Pipl)., Failure To Implement Data Encryption And De-Identification., Inadequate Customer Consent Mechanisms For Data Transfers., Poor Data Management Practices (Scattered, Broadly Classified Data).,
What is the company's process for conducting post-incident analysis ?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as LVMH partnered with Google Cloud for cybersecurity enhancements, Mandatory Real-Time Monitoring Upgrades For Compliance, .
What corrective actions has the company taken based on post-incident analysis ?
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Enhanced Cybersecurity Investments (E.G., Lvmh-Google Cloud Partnership), Regular Incident Response Drills, Data Encryption And Tokenization, Dark Web Monitoring For Stolen Data, , Legally Binding Reporting Deadlines (30/60 Minutes), Expanded Definition Of 'Network Operators' To Close Compliance Gaps, Multi-Channel Reporting To Eliminate Procedural Excuses, Mandatory 30-Day Final Reports With Accountability Measures, .
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident were an ShinyHunters extortion group and Unauthorized External Party.
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2025-05-07.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2024-05-12.
Impact of the Incidents
What was the highest financial loss from an incident ?
Highest Financial Loss: The highest financial loss from an incident was $3.48 million (average per breach in 2024, 18% increase from 2023).
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Full names, Contact details, Physical address, Date of birth, Passport or government ID number (in some cases), Social Security Number (in some cases), , , Names, Gender, Phone Numbers, Email Addresses, Mailing Addresses, Purchase History, Consumption Preferences and .
Response to the Incidents
What third-party assistance was involved in the most recent incident ?
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was LVMH partnered with Google Cloud for cybersecurity enhancements.
What containment measures were taken in the most recent incident ?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were Prompt steps taken to contain the incident and Immediate reporting (≤60/30 minutes)Detailed initial damage assessment.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Phone Numbers, Passport or government ID number (in some cases), Email Addresses, Contact details, Date of birth, Full names, Consumption Preferences, Social Security Number (in some cases), Gender, Mailing Addresses, Physical address, Purchase History and Names.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 100.0M.
Regulatory Compliance
What was the highest fine imposed for a regulatory violation ?
Highest Fine Imposed: The highest fine imposed for a regulatory violation was Dior Shanghai: Undisclosed fine for unauthorized data transfer, , Pending disclosure.
What was the most significant legal action taken for a regulatory violation ?
Most Significant Legal Action: The most significant legal action taken for a regulatory violation was Potential legal penalties for delayed/omitted/falsified reports, , Administrative penalty by Cyberspace Administration of China.
Lessons Learned and Recommendations
What was the most significant lesson learned from past incidents ?
Most Significant Lesson Learned: The most significant lesson learned from past incidents was Scattered or poorly classified customer data increases breach risks and complicates security measures.
What was the most significant recommendation implemented to improve cybersecurity ?
Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Establish clear protocols for breach disclosure and regulatory reporting., Implement automated incident detection and reporting systems to meet 30/60-minute deadlines., Monitor dark web for stolen data and backdoor establishments., Review legal obligations for payment data and PII handling., Leverage China's multiple reporting channels (hotline, WeChat, etc.) for redundancy., Establish dedicated compliance teams with legal and technical expertise., Conduct regular security audits and compliance checks for cross-border data flows., Train employees on data handling best practices and regulatory requirements., Enhance customer data protection with encryption, access controls, and anonymization., Implement unified, tiered data security frameworks with dynamic risk controls., Develop and regularly test incident response plans with tabletop exercises., Implement managed detection and response (MDR) services., Prioritize encryption and access controls for sensitive/personal data., Conduct data inventory checks to identify and secure sensitive information., Conduct regular audits of data transfer practices to avoid violations like Dior's case., Strengthen authentication for social media and high-value accounts (e.g., Dior Instagram). and Encrypt data at rest and tokenize payment information..
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are Huntress (Michael Tigges, Senior Security Analyst), Yicai Global, Dior Shanghai Fine Case, Oxylabs (Julius Cerniauskas, CEO), Cyberspace Administration of China (CAC), Cyberspace Administration of China (CAC) Announcement, KnowBe4 Report (March 2025), WWD (Women's Wear Daily), BleepingComputer, NordVPN (Marijus Briedis, CTO), Historical References: Yahoo (2013–2014), Target (2013), VF Corp (2023) and JD Sports (2023).
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing.
Stakeholder and Customer Advisories
What was the most recent stakeholder advisory issued ?
Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was All network operators must prepare for strict compliance by November 1, 2023, .
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued were an Remain vigilant for scams and phishing attempts, monitor financial accounts, enroll in 24-month credit monitoring and identity theft protection, Increased transparency in breach notifications may improve public trust, Warning text messages sent to affected customers on May 12 and 2024.
Post-Incident Analysis
What was the most significant root cause identified in post-incident analysis ?
Most Significant Root Cause: The most significant root cause identified in post-incident analysis was Exploitation of system flaws (even minor ones)Insufficient authentication for high-value accounts (e.g., social media)Lack of proactive threat detection for phishing/AI-driven attacksThird-party vendor vulnerabilities, Historical lack of standardized incident reporting in ChinaIncreasing cyber threats to national security and economic stabilityGaps in cross-border data transfer controls (e.g., Dior case), Lack of compliance with China's data export regulations (PIPL).Failure to implement data encryption and de-identification.Inadequate customer consent mechanisms for data transfers.Poor data management practices (scattered, broadly classified data)..
What was the most significant corrective action taken based on post-incident analysis ?
Most Significant Corrective Action: The most significant corrective action taken based on post-incident analysis was Enhanced cybersecurity investments (e.g., LVMH-Google Cloud partnership)Regular incident response drillsData encryption and tokenizationDark web monitoring for stolen data, Legally binding reporting deadlines (30/60 minutes)Expanded definition of 'network operators' to close compliance gapsMulti-channel reporting to eliminate procedural excusesMandatory 30-day final reports with accountability measures.
.png)
Latest Global CVEs (Not Company-Specific)
Description
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.
Risk Information
cvss4
Base: 7.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
- https://github.com/angular/angular/commit/0276479e7d0e280e0f8d26fa567d3b7aa97a516f
- https://github.com/angular/angular/commit/05fe6686a97fa0bcd3cf157805b3612033f975bc
- https://github.com/angular/angular/commit/3240d856d942727372a705252f7c8c115394a41e
- https://github.com/angular/angular/releases/tag/19.2.16
- https://github.com/angular/angular/releases/tag/20.3.14
- https://github.com/angular/angular/releases/tag/21.0.1
- https://github.com/angular/angular/security/advisories/GHSA-58c5-g7wp-6w37
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 6.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=parfums-christian-dior' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
