Company Details
scalable-capital
581
56,133
52
scalable.capital
0
SCA_2498266
In-progress

Scalable Capital Company CyberSecurity Posture
scalable.capital
Scalable Capital is a leading FinTech in Europe, bringing people and technology-based investment together. The company was founded in 2014 and has offices in Munich, Berlin and London. For private individuals, Scalable Capital offers a broker with a trading flat rate and interest and a digital wealth management. In digital wealth management, the company creates and manages globally diversified ETF portfolios for its clients with sustainable investment strategies when desired. The broker enables private individuals to trade stocks, ETFs, crypto, funds and more with as little as €1 and to set up ETF and stock savings plans with as little as €1. As a fast-growing FinTech, we are constantly looking for new employees and also welcome unsolicited applications: https://careers.scalable.capital/ For further information please visit our website: www.scalable.capital. Scalable Capital refers to Scalable GmbH and the affiliated companies. If this online presence contains information regarding capital markets, financial instruments and/or other topics relevant for investments of assets, the exclusive purpose of this information is to give general guidance on the investment services provided by Scalable Capital Limited and Scalable Capital GmbH. Our Privacy Policy can be found here: www.scalable.capital/privacy-policy
Between 700 and 749

Scalable Capital Global Score (TPRM)XXXX

Description: A data protection breach at Scalable Capital resulted in the theft of sensitive information, including the identification, tax, and account information of about 20,000 clients. Impacted clients were notified by a letter stating that there had been unauthorized access to private client information in the company's document archive. The company said that contact information, securities accounts, tax identity numbers, accounts with other banks, and ID details were accessed during the incident. Because there is no externally exploitable security hole in its system, the robo-adviser believes the leak was caused by extensive insider knowledge.


No incidents recorded for Scalable Capital in 2025.
Scalable Capital cyber incidents detection timeline including parent company and subsidiaries




Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
The official website of Scalable Capital is http://www.scalable.capital.
According to Rankiteo, Scalable Capital’s AI-generated cybersecurity score is 732, reflecting their Moderate security posture.
According to Rankiteo, Scalable Capital currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
According to Rankiteo, Scalable Capital is not certified under SOC 2 Type 1.
According to Rankiteo, Scalable Capital does not hold a SOC 2 Type 2 certification.
According to Rankiteo, Scalable Capital is not listed as GDPR compliant.
According to Rankiteo, Scalable Capital does not currently maintain PCI DSS compliance.
According to Rankiteo, Scalable Capital is not compliant with HIPAA regulations.
According to Rankiteo, Scalable Capital is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Scalable Capital operates primarily in the Financial Services industry.
Scalable Capital employs approximately 581 people worldwide.
Scalable Capital presently has no subsidiaries across any sectors.
Scalable Capital’s official LinkedIn profile has approximately 56,133 followers.
Scalable Capital is classified under the NAICS code 52, which corresponds to Finance and Insurance.
Yes, Scalable Capital has an official profile on Crunchbase, which can be accessed here: https://www.crunchbase.com/organization/scalable-capital.
Yes, Scalable Capital maintains an official LinkedIn profile, actively used for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/scalable-capital.
As of December 20, 2025, Rankiteo reports that Scalable Capital has experienced 1 cybersecurity incident.
Scalable Capital has an estimated 30,672 peer or competitor companies worldwide.
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
Detection and Response: The company detects and responds to cybersecurity incidents through a communication strategy: notified affected clients via letter.
Title: Data Protection Breach at Scalable Capital
Description: A data protection breach at Scalable Capital resulted in the theft of sensitive information, including the identification, tax, and account information of about 20,000 clients. Affected clients were notified via a letter stating there had been unauthorized access to private client information in its document archive. The company claims that access was made to contact information, securities accounts, tax identity numbers, accounts with other banks, and ID details. The robo-adviser believes the leak was caused by extensive insider knowledge.
Type: Data Breach
Attack Vector: Insider Threat
Threat Actor: Insider
Common Attack Types: The most common type of attack the company has faced is Breach.

Data Compromised: Identification information, Tax information, Account information, Contact information, Securities accounts, Tax identity numbers, Accounts with other banks, ID details
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Identification Information, Tax Information, Account Information, Contact Information, Securities Accounts, Tax Identity Numbers, Accounts With Other Banks and ID Details.

Entity Name: Scalable Capital
Entity Type: Company
Industry: Financial Services
Customers Affected: 20000

Communication Strategy: Notified affected clients via letter

Type of Data Compromised: Identification information, Tax information, Account information, Contact information, Securities accounts, Tax identity numbers, Accounts with other banks, ID details
Number of Records Exposed: 20000
Sensitivity of Data: High
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders by notifying affected clients via letter.

Customer Advisories: Notified affected clients via letter
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: Notified affected clients via letter.

Root Causes: Extensive insider knowledge
Last Attacking Group: The attacking group in the last incident was an Insider.
Most Significant Data Compromised: The most significant data compromised in an incident were Identification information, Tax information, Account information, Contact information, Securities accounts, Tax identity numbers, Accounts with other banks and ID details.
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Account information, ID details, Contact information, Tax information, Tax identity numbers, Securities accounts, Identification information and Accounts with other banks.
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 200.0.
Most Recent Customer Advisory: The most recent customer advisory issued was: Notified affected clients via letter.
n8n is an open source workflow automation platform. Versions starting with 0.211.0 and prior to 1.120.4, 1.121.1, and 1.122.0 contain a critical Remote Code Execution (RCE) vulnerability in their workflow expression evaluation system. Under certain conditions, expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the underlying runtime. An authenticated attacker could abuse this behavior to execute arbitrary code with the privileges of the n8n process. Successful exploitation may lead to full compromise of the affected instance, including unauthorized access to sensitive data, modification of workflows, and execution of system-level operations. This issue has been fixed in versions 1.120.4, 1.121.1, and 1.122.0. Users are strongly advised to upgrade to a patched version, which introduces additional safeguards to restrict expression evaluation. If upgrading is not immediately possible, administrators should consider the following temporary mitigations: Limit workflow creation and editing permissions to fully trusted users only; and/or deploy n8n in a hardened environment with restricted operating system privileges and network access to reduce the impact of potential exploitation. These workarounds do not fully eliminate the risk and should only be used as short-term measures.
FastAPI Users allows users to quickly add a registration and authentication system to their FastAPI project. Prior to version 15.0.2, the OAuth login state tokens are completely stateless and carry no per-request entropy or any data that could link them to the session that initiated the OAuth flow. `generate_state_token()` is always called with an empty `state_data` dict, so the resulting JWT only contains the fixed audience claim plus an expiration timestamp. On callback, the library merely checks that the JWT verifies under `state_secret` and is unexpired; there is no attempt to match the state value to the browser that initiated the OAuth request, no correlation cookie, and no server-side cache. Any attacker can hit `/authorize`, capture the server-generated state, finish the upstream OAuth flow with their own provider account, and then trick a victim into loading `.../callback?code=<attacker_code>&state=<attacker_state>`. Because the state JWT is valid for any client for ~1 hour, the victim’s browser will complete the flow. This leads to login CSRF. Depending on the app’s logic, the login CSRF can lead to an account takeover of the victim account or to the victim user getting logged in to the attacker's account. Version 15.0.2 contains a patch for the issue.
FileZilla Client 3.63.1 contains a DLL hijacking vulnerability that allows attackers to execute malicious code by placing a crafted TextShaping.dll in the application directory. Attackers can generate a reverse shell payload using msfvenom and replace the missing DLL to achieve remote code execution when the application launches.
LDAP Tool Box Self Service Password 1.5.2 contains a password reset vulnerability that allows attackers to manipulate HTTP Host headers during token generation. Attackers can craft malicious password reset requests that generate tokens sent to a controlled server, enabling potential account takeover by intercepting and using stolen reset tokens.
Kimai 1.30.10 contains a SameSite cookie vulnerability that allows attackers to steal user session cookies through malicious exploitation. Attackers can trick victims into executing a crafted PHP script that captures and writes session cookie information to a file, enabling potential session hijacking.
