Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
Sam's Club

Sam's Club Vendor Cyber Rating & Cyber Score

samsclub.com

Sam’s Club (Nasdaq: WMT) a division of Walmart Inc., is the membership warehouse club solution for everyday living. Our President and CEO is Chris Nicholas and our headquarters is in Bentonville, AR. For the fiscal year ending January 31, 2023, Sam’s Club’s total revenue was $84.3 billion. There are almost 600 clubs across the U.S and Puerto Rico and each averages approximately 136,000 square feet. Our first club opened in Midwest City, Oklahoma, in 1983. Many clubs include sustainable features such as day-lighting with skylights, night dimming, central energy management, water-conserving fixtures, natural concrete floors and recycling. Sam’s Club employs thousands of associates in the U.S. and Puerto Rico. Approximately 75 percent of


Sam's Club A.I CyberSecurity Scoring

Sam's Club
Company Information
Website:http://www.samsclub.com
Employees number:47,591
Number of followers:409,679
NAICS:43
Industry Type:Retail
Homepage:samsclub.com
Sam's Club Risk Score (AI oriented)
Between 700 and 749
logo
Sam's ClubRetail
Updated:
30/04/2026
712/1000
Moderate
Ba
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
Sam's Club Global Score (TPRM)
xxxx
logo
Sam's ClubRetail
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

Sam's Club
Sam's ClubModerate
Current Score
712Ba (MODERATE)
01000
4 incidents
-27 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
717Before Incident
JUNE 2026
716Before Incident
MAY 2026
714Before Incident
APRIL 2026
739Before Incident
Cyber Attack
16 Apr 2026Sam's Club
Amazon, Temu, Sam’s Club, Grubhub, Lyft, CountryMax and Elf Cosmetics: Misconfigured Server Run by Hackers Leaks 345,000 Stolen Credit Cards

AI Coding Error Exposes Massive Stolen Credit Card Database

712After Incident
HIGH-27
ELFTEMCOUGRUAMASAMLYF1777580773
AI Coding Error Exposes Massive Stolen Credit Card Database On 16 April, cybersecurity researchers uncovered a misconfigured server linked to Jerry’s Store, a dark web carding marketplace where hackers verify stolen credit cards. The leak stemmed from an AI-assisted coding mistake, revealing the group’s entire database including 345,000 credit cards, of which 145,000 were active. The hackers used Cursor, an AI-powered code editor, to build a statistics dashboard. However, the AI generated an unauthenticated open web directory instead of a secure page, exposing the server to public access. Researchers found that Cursor’s lack of safety guardrails allowed the tool to assist in criminal activity without intervention, despite recognizing its use for credit card fraud. The group tested stolen cards by making small transactions on major platforms, including Amazon (US & JP), Grubhub, Sam’s Club, Temu, Lyft, Elf Cosmetics, and CountryMax. Successful payments confirmed a card’s validity, increasing its dark web value $7 to $18 per card, with the full dataset potentially worth $2.6 million. The exposed data included card numbers, security codes, cardholder names, and home addresses. Jerry’s Store, launched in late 2023, appears to be operated by a Chinese-speaking individual, though the server was hosted in Germany, likely via a bulletproof hosting provider to evade detection. While the incident highlights risks in AI-assisted development, researchers noted that the leak also disrupted criminal operations by exposing their methods. Cursor has not yet responded to the findings.
INCIDENT DETAILS -
TYPE
Data Breach
MOTIVATION
Financial gain (credit card fraud)
IMPACT
Financial Loss: $2.6 million (potential dark web value)Data Compromised: 345,000 credit cards (145,000 active)Systems Affected: Jerry’s Store dark web marketplace serverOperational Impact: Disruption of criminal operations (exposure of methods)Identity Theft Risk: High (card numbers, security codes, cardholder names, home addresses exposed)Payment Information Risk: High (stolen credit card details)
DATA BREACH
Credit card numbersSecurity codesCardholder namesHome addressesNumber Of Records Exposed: 345,000Sensitivity Of Data: High (financial and personally identifiable information)Personally Identifiable Information: Yes (names, addresses)
MARCH 2026
739Before Incident
FEBRUARY 2026
738Before Incident
JANUARY 2026
737Before Incident
DECEMBER 2025
735Before Incident
NOVEMBER 2025
732Before Incident
OCTOBER 2025
731Before Incident
SEPTEMBER 2025
732Before Incident
AUGUST 2025
730Before Incident
NOVEMBER 2023
740Before Incident
Breach
01 Nov 2023Sam's Club
Sam’s Club

Sam’s Club Unauthorized Account Access Incident

695After Incident
CRITICAL-45
SAM021091825
In mid-November, Sam’s Club reported a data breach where unauthorized individuals gained access to customer accounts using credentials likely obtained from an external source. The incident exposed sensitive personal information, including names, phone numbers, postal addresses, and payment card details. While the exact number of affected customers remains undisclosed, the breach poses significant risks such as identity theft, financial fraud, and reputational damage. The compromised payment card data could lead to fraudulent transactions, while the exposure of personal details increases the likelihood of targeted phishing or social engineering attacks. The breach underscores vulnerabilities in credential security and the potential for cascading harm when third-party credentials are reused across platforms. Customers are advised to monitor their accounts for suspicious activity and update their login credentials to mitigate further risks.
INCIDENT DETAILS -
TYPE
Data Breach / Unauthorized Access
IMPACT
NamesPhone NumbersPostal AddressesPayment Card DetailsIdentity Theft Risk: Potential (due to PII exposure)Payment Information Risk: Potential (payment card details exposed)
DATA BREACH
Personally Identifiable Information (PII)Payment Card InformationNumber Of Records Exposed: UnknownSensitivity Of Data: High (includes PII and payment details)
SEPTEMBER 2020
724Before Incident
Breach
24 Sep 2020Sam's Club
Sam's Club

Sam's Club Data Breach (2020)

679After Incident
CRITICAL-45
SAM025091825
The California Office of the Attorney General disclosed a data breach targeting Sam's Club in October 2020, stemming from an incident on September 24, 2020. Unauthorized actors gained access to member accounts using stolen login credentials, compromising personal information of affected individuals. While the exact scope of exposed data was not detailed, such breaches typically involve sensitive details like names, contact information, membership IDs, or payment data—posing risks of identity theft, phishing, or financial fraud. The breach underscored vulnerabilities in credential security, highlighting the need for stronger authentication measures. Sam’s Club likely faced reputational damage and potential regulatory scrutiny, though no evidence suggested systemic operational disruption or ransomware involvement. Customers were advised to monitor accounts and update passwords, but the long-term impact on trust and membership retention remained a concern.
INCIDENT DETAILS -
TYPE
Data Breach
IMPACT
Personal InformationIdentity Theft Risk: Potential
DATA BREACH
Personal InformationPersonally Identifiable Information: Potential
JUNE 2020
811Before Incident
Ransomware
16 Jun 2020Sam's Club
Sam's Club

Potential Security Incident at Sam's Club

722After Incident
CRITICAL-89
SAM248032825
Sam's Club, a subsidiary of Walmart, is investigating a potential security incident following claims of a breach by the Clop ransomware gang. Clop has added Sam's Club to its leak site but has not yet released proof. The breach may involve the exploitation of a zero-day vulnerability in Cleo file transfer software, which Sam's Club may have used. Prior incidents include credential stuffing in 2020, but the current situation remains under investigation with no explicit customer or employee data known to be compromised.
INCIDENT DETAILS -
TYPE
Ransomware

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for Sam's Club ?
?
What was Sam's Club's A.I Rankiteo Cyber Score in June 2026 ?
?
What was Sam's Club's A.I Rankiteo Cyber Score in May 2026 ?
?
What was Sam's Club's A.I Rankiteo Cyber Score in April 2026 ?
?
What was Sam's Club's A.I Rankiteo Cyber Score in March 2026 ?
?
What was Sam's Club's A.I Rankiteo Cyber Score in February 2026 ?
?
What was Sam's Club's A.I Rankiteo Cyber Score in January 2026 ?
?
What was Sam's Club's A.I Rankiteo Cyber Score in December 2025 ?
?
What was Sam's Club's A.I Rankiteo Cyber Score in November 2025 ?
?
What was Sam's Club's A.I Rankiteo Cyber Score in October 2025 ?
?
What was Sam's Club's A.I Rankiteo Cyber Score in September 2025 ?
?
What was Sam's Club's A.I Rankiteo Cyber Score in August 2025 ?
?
What is the average per-incident point impact on Sam's Club's A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with Sam's Club ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view Sam's Club's profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?