RDB
Company Details
Linkedin ID:
rr-donnelley-brasil
Website:
Employees number:
122
Number of followers:
2,455
NAICS:
323
Industry Type:
Homepage:
rrdonnelley.com.br
IP Addresses:
0
Company ID:
RR _2721534
Scan Status:
In-progress
RR Donnelley Brasil Company CyberSecurity Posture
rrdonnelley.com.br
A RR Donnelley está presente no Brasil há mais de 45 anos com três unidades industriais, duas localizadas em São Paulo, uma em Osasco voltada para a produção de dados variáveis e produtos que exigem segurança, a outra em Tamboré, direcionada para o setor editorial e, a terceira, em Blumenau, Santa Catarina, que atende o mercado corporativo com as mais variadas demandas como documentos transacionais e material promocional. No Brasil temos as certificações de segurança ABNT, NBR 15540, ISO 9001, ISO 27001, SFI, FSC e PEFEC. Comprovamos nossa expertise oferecendo aos clientes soluções integradas que unem criação, impressão, produção gráfica e a personalização. Além disso, estamos atentos às soluções digitais e as inovações, englobando inteligências do QR Code e o rastreamento dos materiais. Entendemos que a qualidade é a plena satisfação do cliente. Por isso, apostamos no colaborador, que une a sua experiência para garantir um atendimento de excelência e qualidade incontestável. Com funcionários bem treinados e capacitados, conseguimos desvendar as necessidades explícitas e implícitas do cliente, garantindo o bom atendimento e o cumprimento dos prazos.
RR Donnelley Brasil A.I CyberSecurity Scoring
RDB Risk Score (AI oriented)Between 750 and 799
RDB
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
RDB Global Score (TPRM)XXXX
RDB
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
RDB Company CyberSecurity News & History
Past Incidents
3
Attack Types
2
R. R. Donnelley & Sons Company
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: The Washington Attorney General's Office reported a data breach involving R. R. Donnelley & Sons Company (RRD) on August 5, 2022. The breach, identified on December 23, 2021, resulted from a phishing attack that targeted employees and ultimately affected 648 Washington residents, exposing names, social security numbers, driver’s license numbers, and dates of birth.
R. R. Donnelley & Sons Company
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: On October 9, 2020, **R. R. Donnelley & Sons Company** experienced a data breach reported by the Maine Office of the Attorney General on November 13, 2020. The incident involved the **inadvertent disclosure of Social Security Numbers (SSNs)**, affecting **13 Maine residents** among a total of **2,657 individuals** whose sensitive data was exposed. The breach stemmed from an internal error leading to unauthorized access or exposure of personally identifiable information (PII), specifically SSNs—a high-value target for identity theft and fraud. While the total number of impacted individuals was substantial, the immediate focus was on the **13 Maine residents**, whose SSNs were confirmed compromised. The company initiated notifications to affected parties on **November 16, 2020**, likely offering credit monitoring or identity protection services as remediation. The breach highlights vulnerabilities in data handling procedures, particularly around the safeguarding of critical identifiers like SSNs, which can have long-term repercussions for victims, including financial fraud, credit damage, and reputational harm to the organization.
RR Donnelley
Ransomware
Rankiteo Explanation
Attack threatening the organization's existence
Description: Marketing giant RR Donnelly was targeted by the Conti ransomware that led to the shut down of their network. The disrupted services interrupted many operations for the customers. A large quantity of data was stolen in the attack and the attackers leaked about 2.5GB of data stolen from the RRD.
RDB Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for RDB
Incidents vs Printing Services Industry Average (This Year)
No incidents recorded for RR Donnelley Brasil in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for RR Donnelley Brasil in 2025.
Incident Types RDB vs Printing Services Industry Avg (This Year)
No incidents recorded for RR Donnelley Brasil in 2025.
Incident History — RDB (X = Date, Y = Severity)
RDB cyber incidents detection timeline including parent company and subsidiaries
RDB Company Subsidiaries
A RR Donnelley está presente no Brasil há mais de 45 anos com três unidades industriais, duas localizadas em São Paulo, uma em Osasco voltada para a produção de dados variáveis e produtos que exigem segurança, a outra em Tamboré, direcionada para o setor editorial e, a terceira, em Blumenau, Santa Catarina, que atende o mercado corporativo com as mais variadas demandas como documentos transacionais e material promocional. No Brasil temos as certificações de segurança ABNT, NBR 15540, ISO 9001, ISO 27001, SFI, FSC e PEFEC. Comprovamos nossa expertise oferecendo aos clientes soluções integradas que unem criação, impressão, produção gráfica e a personalização. Além disso, estamos atentos às soluções digitais e as inovações, englobando inteligências do QR Code e o rastreamento dos materiais. Entendemos que a qualidade é a plena satisfação do cliente. Por isso, apostamos no colaborador, que une a sua experiência para garantir um atendimento de excelência e qualidade incontestável. Com funcionários bem treinados e capacitados, conseguimos desvendar as necessidades explícitas e implícitas do cliente, garantindo o bom atendimento e o cumprimento dos prazos.
Loading...
RDB Similar Companies
RR Donnelley
RRD provides a complete portfolio of marketing, packaging, print and business services to the world’s most respected brands, including 91% of the Fortune 100. Our proprietary technology, advanced data analytics and established expertise fuel organizational decision-making, from strategy through ex
.png)
RDB CyberSecurity News
June 24, 2024 07:00 AM
SEC Charges R.R. Donnelley for Ransomware Attack Response
On June 18, 2024, the U.S. Securities and Exchange Commission (“SEC”) announced a settlement with R.R. Donnelley & Sons Co.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
RDB CyberSecurity History Information
Official Website of RR Donnelley Brasil
The official website of RR Donnelley Brasil is http://www.rrdonnelley.com.br/.
RR Donnelley Brasil’s AI-Generated Cybersecurity Score
According to Rankiteo, RR Donnelley Brasil’s AI-generated cybersecurity score is 754, reflecting their Fair security posture.
How many security badges does RR Donnelley Brasil’ have ?
According to Rankiteo, RR Donnelley Brasil currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does RR Donnelley Brasil have SOC 2 Type 1 certification ?
According to Rankiteo, RR Donnelley Brasil is not certified under SOC 2 Type 1.
Does RR Donnelley Brasil have SOC 2 Type 2 certification ?
According to Rankiteo, RR Donnelley Brasil does not hold a SOC 2 Type 2 certification.
Does RR Donnelley Brasil comply with GDPR ?
According to Rankiteo, RR Donnelley Brasil is not listed as GDPR compliant.
Does RR Donnelley Brasil have PCI DSS certification ?
According to Rankiteo, RR Donnelley Brasil does not currently maintain PCI DSS compliance.
Does RR Donnelley Brasil comply with HIPAA ?
According to Rankiteo, RR Donnelley Brasil is not compliant with HIPAA regulations.
Does RR Donnelley Brasil have ISO 27001 certification ?
According to Rankiteo,RR Donnelley Brasil is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of RR Donnelley Brasil
RR Donnelley Brasil operates primarily in the Printing Services industry.
Number of Employees at RR Donnelley Brasil
RR Donnelley Brasil employs approximately 122 people worldwide.
Subsidiaries Owned by RR Donnelley Brasil
RR Donnelley Brasil presently has no subsidiaries across any sectors.
RR Donnelley Brasil’s LinkedIn Followers
RR Donnelley Brasil’s official LinkedIn profile has approximately 2,455 followers.
NAICS Classification of RR Donnelley Brasil
RR Donnelley Brasil is classified under the NAICS code 323, which corresponds to Printing and Related Support Activities.
RR Donnelley Brasil’s Presence on Crunchbase
No, RR Donnelley Brasil does not have a profile on Crunchbase.
RR Donnelley Brasil’s Presence on LinkedIn
Yes, RR Donnelley Brasil maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/rr-donnelley-brasil.
Cybersecurity Incidents Involving RR Donnelley Brasil
As of December 17, 2025, Rankiteo reports that RR Donnelley Brasil has experienced 3 cybersecurity incidents.
Number of Peer and Competitor Companies
RR Donnelley Brasil has an estimated 5,156 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at RR Donnelley Brasil ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach and Ransomware.
How does RR Donnelley Brasil detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an communication strategy with notification to affected individuals (scheduled for 2020-11-16)..
Incident Details
Can you provide details on each incident ?
Title: RR Donnelly Ransomware Attack
Description: Marketing giant RR Donnelly was targeted by the Conti ransomware that led to the shut down of their network. The disrupted services interrupted many operations for the customers. A large quantity of data was stolen in the attack and the attackers leaked about 2.5GB of data stolen from the RRD.
Type: Ransomware Attack
Threat Actor: Conti Ransomware
Motivation: Financial Gain
Title: Data Breach at R. R. Donnelley & Sons Company
Description: The Washington Attorney General's Office reported a data breach involving R. R. Donnelley & Sons Company (RRD) on August 5, 2022. The breach, identified on December 23, 2021, resulted from a phishing attack that targeted employees and ultimately affected 648 Washington residents, exposing names, social security numbers, driver’s license numbers, and dates of birth.
Date Detected: 2021-12-23
Date Publicly Disclosed: 2022-08-05
Type: Data Breach
Attack Vector: Phishing
Title: R. R. Donnelley & Sons Company Data Breach (2020)
Description: The Maine Office of the Attorney General reported a data breach involving R. R. Donnelley & Sons Company on November 13, 2020. The breach, which occurred on October 9, 2020, involved the inadvertent disclosure of Social Security Numbers affecting 13 Maine residents out of a total of 2,657 individuals. Notification to affected individuals was made on November 16, 2020.
Date Detected: 2020-10-09
Date Publicly Disclosed: 2020-11-13
Type: Data Breach
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
Impact of the Incidents
What was the impact of each incident ?
Incident : Ransomware Attack RRD31219222
Data Compromised: 2.5gb of data
Systems Affected: Network
Operational Impact: Disrupted servicesInterrupted operations for customers
Incident : Data Breach RR-435072725
Data Compromised: Names, Social security numbers, Driver’s license numbers, Dates of birth
Incident : Data Breach RR-1011091725
Data Compromised: Social security numbers
Identity Theft Risk: High (SSNs exposed)
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Names, Social Security Numbers, Driver’S License Numbers, Dates Of Birth, , Social Security Numbers and .
Which entities were affected by each incident ?
Incident : Ransomware Attack RRD31219222
Entity Name: RR Donnelly
Entity Type: Company
Industry: Marketing
Incident : Data Breach RR-435072725
Entity Name: R. R. Donnelley & Sons Company
Entity Type: Company
Customers Affected: 648
Incident : Data Breach RR-1011091725
Entity Name: R. R. Donnelley & Sons Company
Entity Type: Corporation
Industry: Printing & Business Communications
Location: United States
Customers Affected: 2657
Incident : Data Breach RR-1011091725
Entity Name: Maine Office of the Attorney General
Entity Type: Government
Industry: Legal/Regulatory
Location: Maine, United States
Customers Affected: 13
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach RR-1011091725
Communication Strategy: Notification to affected individuals (scheduled for 2020-11-16)
Data Breach Information
What type of data was compromised in each breach ?
Incident : Ransomware Attack RRD31219222
Data Exfiltration: 2.5GB of data
Incident : Data Breach RR-435072725
Type of Data Compromised: Names, Social security numbers, Driver’s license numbers, Dates of birth
Number of Records Exposed: 648
Sensitivity of Data: High
Incident : Data Breach RR-1011091725
Type of Data Compromised: Social security numbers
Number of Records Exposed: 2657
Sensitivity of Data: High
Ransomware Information
Was ransomware involved in any of the incidents ?
Incident : Ransomware Attack RRD31219222
Ransomware Strain: Conti
Data Exfiltration: ['2.5GB of data']
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : Data Breach RR-1011091725
Regulatory Notifications: Maine Office of the Attorney General
References
Where can I find more information about each incident ?
Incident : Data Breach RR-435072725
Source: Washington Attorney General's Office
Date Accessed: 2022-08-05
Incident : Data Breach RR-1011091725
Source: Maine Office of the Attorney General
Date Accessed: 2020-11-13
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Washington Attorney General's OfficeDate Accessed: 2022-08-05, and Source: Maine Office of the Attorney GeneralDate Accessed: 2020-11-13.
Investigation Status
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Notification to affected individuals (scheduled for 2020-11-16).
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : Data Breach RR-1011091725
Customer Advisories: Notification letters sent to affected individuals (2020-11-16)
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: was Notification letters sent to affected individuals (2020-11-16).
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident was an Conti Ransomware.
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2021-12-23.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2020-11-13.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were 2.5GB of data, , names, social security numbers, driver’s license numbers, dates of birth, , Social Security Numbers and .
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident was Network.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Social Security Numbers, driver’s license numbers, 2.5GB of data, social security numbers, names and dates of birth.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 920.0.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are Maine Office of the Attorney General and Washington Attorney General's Office.
Stakeholder and Customer Advisories
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued was an Notification letters sent to affected individuals (2020-11-16).
.png)
Latest Global CVEs (Not Company-Specific)
Description
Nagios XI versions prior to 2026R1.1 are vulnerable to local privilege escalation due to an unsafe interaction between sudo permissions and application file permissions. A user‑accessible maintenance script may be executed as root via sudo and includes an application file that is writable by a lower‑privileged user. A local attacker with access to the application account can modify this file to introduce malicious code, which is then executed with elevated privileges when the script is run. Successful exploitation results in arbitrary code execution as the root user.
Risk Information
cvss4
Base: 8.6
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Out of bounds read and write in V8 in Google Chrome prior to 143.0.7499.147 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Description
Use after free in WebGPU in Google Chrome prior to 143.0.7499.147 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Description
SIPGO is a library for writing SIP services in the GO language. Starting in version 0.3.0 and prior to version 1.0.0-alpha-1, a nil pointer dereference vulnerability is in the SIPGO library's `NewResponseFromRequest` function that affects all normal SIP operations. The vulnerability allows remote attackers to crash any SIP application by sending a single malformed SIP request without a To header. The vulnerability occurs when SIP message parsing succeeds for a request missing the To header, but the response creation code assumes the To header exists without proper nil checks. This affects routine operations like call setup, authentication, and message handling - not just error cases. This vulnerability affects all SIP applications using the sipgo library, not just specific configurations or edge cases, as long as they make use of the `NewResponseFromRequest` function. Version 1.0.0-alpha-1 contains a patch for the issue.
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
GLPI is a free asset and IT management software package. Starting in version 9.1.0 and prior to version 10.0.21, an unauthorized user with an API access can read all knowledge base entries. Users should upgrade to 10.0.21 to receive a patch.
Risk Information
cvss3
Base: 6.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=rr-donnelley-brasil' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
