PUMA Group
Company Details
Linkedin ID:
puma
Website:
Employees number:
21,972
Number of followers:
1,602,345
NAICS:
43
Industry Type:
Homepage:
puma.com
IP Addresses:
184
Company ID:
PUM_2897049
Scan Status:
Completed
PUMA Group Company CyberSecurity Posture
puma.com
PUMA is one of the world’s leading sports brands, designing, developing, selling and marketing footwear, apparel and accessories. For more than 75 years, PUMA has relentlessly pushed sport and culture forward by creating fast products for the world’s fastest athletes. PUMA offers performance and sport-inspired lifestyle products in categories such as Football, Running and Training, Basketball, Golf, and Motorsports. It collaborates with renowned designers and brands to bring sport influences into street culture and fashion. The PUMA Group owns the brands PUMA, Cobra Golf and stichd. The company operates in more than 120 countries, employs around 22,000 people worldwide, and is headquartered in Herzogenaurach/Germany.
PUMA Group A.I CyberSecurity Scoring
PUMA Group Risk Score (AI oriented)Between 700 and 749
PUMA Group
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
PUMA Group Global Score (TPRM)XXXX
PUMA Group
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
PUMA Group Company CyberSecurity News & History
Past Incidents
2
Attack Types
2
PUMA Group
Data Leak
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Private data allegedly belonging to more than 230,000 Puma customers in Chile has been found on a hacker forum. The threat actor listed an 84MB-strong dataset for sale that allegedly belonging to 237,013 users. The data included Customer Email, Telephone, Customer Name, Documento, Purchase Date, Bill-to Name, Ship-to Name, Grand Total (Base), Grand Total (Purchased), Billing Address, Shipping Address, Subtotal, Shipping and Handling, Medio de pago, Oms Number, Coupon Code, Cart Rule, Estado del Pago, Ciudad, Region.
PUMA Group
Breach
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: The data of Puma Employees was breached in a ransomware attack that hit Ultimate Kronos Group, an HR management platform. The data includes names, Social Security numbers, and other personal information.
PUMA Group Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for PUMA Group
Incidents vs Retail Industry Average (This Year)
No incidents recorded for PUMA Group in 2026.
Incidents vs All-Companies Average (This Year)
No incidents recorded for PUMA Group in 2026.
Incident Types PUMA Group vs Retail Industry Avg (This Year)
No incidents recorded for PUMA Group in 2026.
Incident History — PUMA Group (X = Date, Y = Severity)
PUMA Group cyber incidents detection timeline including parent company and subsidiaries
PUMA Group Company Subsidiaries
PUMA is one of the world’s leading sports brands, designing, developing, selling and marketing footwear, apparel and accessories. For more than 75 years, PUMA has relentlessly pushed sport and culture forward by creating fast products for the world’s fastest athletes. PUMA offers performance and sport-inspired lifestyle products in categories such as Football, Running and Training, Basketball, Golf, and Motorsports. It collaborates with renowned designers and brands to bring sport influences into street culture and fashion. The PUMA Group owns the brands PUMA, Cobra Golf and stichd. The company operates in more than 120 countries, employs around 22,000 people worldwide, and is headquartered in Herzogenaurach/Germany.
Loading...
PUMA Group Similar Companies
Victoria’s Secret & Co. (NYSE: VSCO) is a specialty retailer of modern, fashion-inspired collections including signature bras, panties, lingerie, casual sleepwear, athleisure and swim, as well as award-winning prestige fragrances and body care. VS&Co is comprised of market leading brands, Victoria’s
Charlotte-based Belk, Inc., a privately-owned department store, began when William Henry Belk opened his first store in 1888 with his brother, Dr. John Belk, joining as a partner. What started as two brothers in business has now grown into a legacy of selling great products at great prices, treating
LC Waikiki
We have been continuing our journey that we started in France in 1988, as a Turkish brand since 1997 under the structure of “LC Waikiki Mağazacılık Hizmetleri Ticaret A.Ş.”. We act with the philosophy of “Everyone deserves to dress well” and we are working to be one of the pioneers of the industry w
Grupo Éxito
En Grupo Éxito evolucionamos junto a nuestros clientes, adaptándonos a las nuevas formas de consumo a través de la innovación, la transformación digital, las experiencias y la sostenibilidad. Como parte de la plataforma de retail más grande de Suramérica, estamos presentes en Colombia con las marcas
Michaels Stores
At The Michaels Companies Inc, our purpose is to fuel the joy of creativity. As the leading creative destination in North America, we operate over 1,300 stores in 49 states and Canada and online at Michaels.com and Michaels.ca. The Michaels Companies, Inc. also owns Artistree, a manufacturer of cust
As we reinvent ourselves to fit the diversity of America, we are looking for motivated, talented people who can emerge as Warriors in our organization. JCPenney offers an inclusive environment and culture where you can find and define yourself - your style, your purpose and your career. We know s
The Home Depot, the world’s largest home improvement specialty retailer, values and rewards dedicated, knowledgeable, and experienced professionals. We operate more than 2,300 retail stores in all 50 states, the District of Columbia, Puerto Rico, the U.S. Virgin Islands, Guam, Canada, and Mexico. A
H&M Group
Founded in 1947, H&M Group is a global design company with ~4,702 stores in 76 markets and 56 online markets. At H&M Group, we believe in making great design available to everyone. It’s essential in everything we do. Our family of brands and business ventures offer customers around the world a wealt
RGIS
Since 1958, we’ve been pushing the envelope for accurate and reliable inventories and quality retail merchandising services. Our trusted results allowed us to expand across the globe as well as leverage our expertise to service other industries. With nation-wide coverage and thousands of employees
.png)
PUMA Group CyberSecurity News
December 22, 2025 08:00 AM
Leonardo warns it could exit UK helicopter manufacturing without £1bn defence contract
Leonardo has warned the UK government that it may be forced to shut down its helicopter manufacturing operations in Britain if it fails to...
October 23, 2025 07:00 AM
Soitec and CEA Partner for Automotive Cybersecurity FD-SOI Technology
Developing Automotive Cybersecurity with Soitec and CEA's Advanced FD-SOI Technology. Protect vehicles from remote hacking with robust...
October 08, 2025 07:00 AM
Qantas among nearly 40 companies facing ransom demand from hacker group
Hacker collective Scattered Lapsus$ Hunters reportedly threatening to leak stolen personal data from dozens of firms in major extortion...
September 22, 2025 07:00 AM
German companies face rising cybercrime
Sabotage, data theft and espionage are affecting more and more companies in Germany, costing them billions in damages every year and...
August 04, 2025 07:00 AM
MeitY invites cybersecurity project proposals focused on innovation, safety and indigenous tech
From AI to quantum systems, mobile safety apps to vehicle forensics, MeitY's call for R&D aims at building cyber resilience across critical...
June 05, 2025 07:00 AM
Weekly Intelligence Report – 06 June 2025
CYFIRMA Research and Advisory Team has found Datarip Ransomware while monitoring various underground forums as part of our Threat Discovery Process.
May 20, 2025 07:00 AM
At Indiana’s only nuclear reactor, engineers conduct the first experiments of their kind in the U.S.
Purdue University's 63-year-old reactor gained capabilities in 2019 that next-generation reactors will also have when they are built.
April 07, 2025 07:00 AM
ExpressVPN at Hackathons and CTF Competitions
Discover how our Security Team dominates Capture the Flag competitions against global giants, helping us stay ahead of the cybersecurity...
December 27, 2024 08:00 AM
The Top 10 Most Active Ransomware Groups of 2024
The past year was marked by the decline of ALPHV/BlackCat, the disruption of LockBit and the rapid emergence of RansomHub.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
PUMA Group CyberSecurity History Information
Official Website of PUMA Group
The official website of PUMA Group is http://about.puma.com/en/careers.
PUMA Group’s AI-Generated Cybersecurity Score
According to Rankiteo, PUMA Group’s AI-generated cybersecurity score is 712, reflecting their Moderate security posture.
How many security badges does PUMA Group’ have ?
According to Rankiteo, PUMA Group currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Has PUMA Group been affected by any supply chain cyber incidents ?
According to Rankiteo, PUMA Group has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.
Does PUMA Group have SOC 2 Type 1 certification ?
According to Rankiteo, PUMA Group is not certified under SOC 2 Type 1.
Does PUMA Group have SOC 2 Type 2 certification ?
According to Rankiteo, PUMA Group does not hold a SOC 2 Type 2 certification.
Does PUMA Group comply with GDPR ?
According to Rankiteo, PUMA Group is not listed as GDPR compliant.
Does PUMA Group have PCI DSS certification ?
According to Rankiteo, PUMA Group does not currently maintain PCI DSS compliance.
Does PUMA Group comply with HIPAA ?
According to Rankiteo, PUMA Group is not compliant with HIPAA regulations.
Does PUMA Group have ISO 27001 certification ?
According to Rankiteo,PUMA Group is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of PUMA Group
PUMA Group operates primarily in the Retail industry.
Number of Employees at PUMA Group
PUMA Group employs approximately 21,972 people worldwide.
Subsidiaries Owned by PUMA Group
PUMA Group presently has no subsidiaries across any sectors.
PUMA Group’s LinkedIn Followers
PUMA Group’s official LinkedIn profile has approximately 1,602,345 followers.
NAICS Classification of PUMA Group
PUMA Group is classified under the NAICS code 43, which corresponds to Retail Trade.
PUMA Group’s Presence on Crunchbase
No, PUMA Group does not have a profile on Crunchbase.
PUMA Group’s Presence on LinkedIn
Yes, PUMA Group maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/puma.
Cybersecurity Incidents Involving PUMA Group
As of January 24, 2026, Rankiteo reports that PUMA Group has experienced 2 cybersecurity incidents.
Number of Peer and Competitor Companies
PUMA Group has an estimated 15,596 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at PUMA Group ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach and Data Leak.
Incident Details
Can you provide details on each incident ?
Title: Puma Employee Data Breach via Ultimate Kronos Group
Description: The data of Puma Employees was breached in a ransomware attack that hit Ultimate Kronos Group, an HR management platform. The data includes names, Social Security numbers, and other personal information.
Type: Data Breach, Ransomware
Title: Data Breach of Puma Customers in Chile
Description: Private data allegedly belonging to more than 230,000 Puma customers in Chile has been found on a hacker forum. The threat actor listed an 84MB-strong dataset for sale that allegedly belonging to 237,013 users. The data included Customer Email, Telephone, Customer Name, Documento, Purchase Date, Bill-to Name, Ship-to Name, Grand Total (Base), Grand Total (Purchased), Billing Address, Shipping Address, Subtotal, Shipping and Handling, Medio de pago, Oms Number, Coupon Code, Cart Rule, Estado del Pago, Ciudad, Region.
Type: Data Breach
Motivation: Financial Gain
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Data Leak.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach, Ransomware PUM1910222
Data Compromised: Names, Social security numbers, Other personal information
Incident : Data Breach PUM231924123
Data Compromised: Customer email, Telephone, Customer name, Documento, Purchase date, Bill-to name, Ship-to name, Grand total (base), Grand total (purchased), Billing address, Shipping address, Subtotal, Shipping and handling, Medio de pago, Oms number, Coupon code, Cart rule, Estado del pago, Ciudad, Region
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Names, Social Security Numbers, Other Personal Information, , Customer Email, Telephone, Customer Name, Documento, Purchase Date, Bill-To Name, Ship-To Name, Grand Total (Base), Grand Total (Purchased), Billing Address, Shipping Address, Subtotal, Shipping And Handling, Medio De Pago, Oms Number, Coupon Code, Cart Rule, Estado Del Pago, Ciudad, Region and .
Which entities were affected by each incident ?
Incident : Data Breach, Ransomware PUM1910222
Entity Name: Ultimate Kronos Group
Entity Type: Company
Industry: HR Management
Incident : Data Breach PUM231924123
Entity Name: Puma
Entity Type: Retail
Industry: Sporting Goods
Location: Chile
Customers Affected: 237013
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach, Ransomware PUM1910222
Type of Data Compromised: Names, Social security numbers, Other personal information
Sensitivity of Data: High
Incident : Data Breach PUM231924123
Type of Data Compromised: Customer email, Telephone, Customer name, Documento, Purchase date, Bill-to name, Ship-to name, Grand total (base), Grand total (purchased), Billing address, Shipping address, Subtotal, Shipping and handling, Medio de pago, Oms number, Coupon code, Cart rule, Estado del pago, Ciudad, Region
Number of Records Exposed: 237013
Additional Questions
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were names, Social Security numbers, other personal information, , Customer Email, Telephone, Customer Name, Documento, Purchase Date, Bill-to Name, Ship-to Name, Grand Total (Base), Grand Total (Purchased), Billing Address, Shipping Address, Subtotal, Shipping and Handling, Medio de pago, Oms Number, Coupon Code, Cart Rule, Estado del Pago, Ciudad, Region and .
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Shipping and Handling, Documento, Billing Address, Customer Name, Grand Total (Base), Bill-to Name, other personal information, Purchase Date, Cart Rule, Telephone, Medio de pago, Estado del Pago, Region, Grand Total (Purchased), Customer Email, Subtotal, Oms Number, Shipping Address, Social Security numbers, Coupon Code, Ciudad, names and Ship-to Name.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 250.0.
.png)
Latest Global CVEs (Not Company-Specific)
Description
Typemill is a flat-file, Markdown-based CMS designed for informational documentation websites. A reflected Cross-Site Scripting (XSS) exists in the login error view template `login.twig` of versions 2.19.1 and below. The `username` value can be echoed back without proper contextual encoding when authentication fails. An attacker can execute script in the login page context. This issue has been fixed in version 2.19.2.
Risk Information
cvss3
Base: 5.4
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Description
A DOM-based Cross-Site Scripting (XSS) vulnerability exists in the DomainCheckerApp class within domain/script.js of Sourcecodester Domain Availability Checker v1.0. The vulnerability occurs because the application improperly handles user-supplied data in the createResultElement method by using the unsafe innerHTML property to render domain search results.
Description
A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Modern Image Gallery App v1.0 within the gallery/upload.php component. The application fails to properly validate uploaded file contents. Additionally, the application preserves the user-supplied file extension during the save process. This allows an unauthenticated attacker to upload arbitrary PHP code by spoofing the MIME type as an image, leading to full system compromise.
Description
A UNIX symbolic link following issue in the jailer component in Firecracker version v1.13.1 and earlier and 1.14.0 on Linux may allow a local host user with write access to the pre-created jailer directories to overwrite arbitrary host files via a symlink attack during the initialization copy at jailer startup, if the jailer is executed with root privileges. To mitigate this issue, users should upgrade to version v1.13.2 or 1.14.1 or above.
Risk Information
cvss3
Base: 6.0
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
cvss4
Base: 6.0
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description
An information disclosure vulnerability exists in the /srvs/membersrv/getCashiers endpoint of the Aptsys gemscms backend platform thru 2025-05-28. This unauthenticated endpoint returns a list of cashier accounts, including names, email addresses, usernames, and passwords hashed using MD5. As MD5 is a broken cryptographic function, the hashes can be easily reversed using public tools, exposing user credentials in plaintext. This allows remote attackers to perform unauthorized logins and potentially gain access to sensitive POS operations or backend functions.
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=puma' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
