SONAE
Company Details
Linkedin ID:
sonae
Website:
Employees number:
22,394
Number of followers:
325,625
NAICS:
52
Industry Type:
Homepage:
sonae.pt
IP Addresses:
18
Company ID:
SON_1388469
Scan Status:
Completed
SONAE Company CyberSecurity Posture
sonae.pt
Sonae exists to create a lasting positive impact on businesses, people, communities and on the planet. Managing a diverse portfolio of businesses in retail, financial services, technology, investments, shopping centres and telecommunications, Sonae makes the most of its expertise and pushes itself to create the future we all want and need. Creating today a better tomorrow, for all.
SONAE A.I CyberSecurity Scoring
SONAE Risk Score (AI oriented)Between 750 and 799
SONAE
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
SONAE Global Score (TPRM)XXXX
SONAE
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
SONAE Company CyberSecurity News & History
Past Incidents
0
Attack Types
0
No data available
SONAE Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for SONAE
Incidents vs Financial Services Industry Average (This Year)
No incidents recorded for SONAE in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for SONAE in 2025.
Incident Types SONAE vs Financial Services Industry Avg (This Year)
No incidents recorded for SONAE in 2025.
Incident History — SONAE (X = Date, Y = Severity)
SONAE cyber incidents detection timeline including parent company and subsidiaries
SONAE Company Subsidiaries
Sonae exists to create a lasting positive impact on businesses, people, communities and on the planet. Managing a diverse portfolio of businesses in retail, financial services, technology, investments, shopping centres and telecommunications, Sonae makes the most of its expertise and pushes itself to create the future we all want and need. Creating today a better tomorrow, for all.
Loading...
SONAE Similar Companies
Mizuho
This is not your typical financial institution. It’s our people who make us a cut above. Here, every person is respected because of their differences, not in spite of them. We pride ourselves on a culture of purpose, passion and compassion. At Mizuho, we provide the stability of an international in
inCharge Global
inCharge is an Mobile Financial Services company, providing Mobile Banking, mCommerce, Card products, Loyalty programs, Electronic Banking platforms and an Agent network to support Financial Inclusion and Mobile Money. inCharge is partnered with Ecobank, to develop and offer Financial services to th
Broadridge Financial Solutions (NYSE: BR) is a global technology leader with the trusted expertise and transformative technology to help clients and the financial services industry operate, innovate, and grow. We power investing, governance, and communications for our clients – driving operational r
NN Group
NN Group is an international financial services company, active in 10 countries, with a strong presence in a number of European countries and Japan. Our roots lie in the Netherlands, with a rich history of more than 175 years. With our 16,000 employees, NN Group provides retirement services, pensio
Block is one company built from many blocks, all united by the same purpose of economic empowerment. The blocks that form our foundational teams — People, Finance, Counsel, Hardware, Information Security, Platform Infrastructure Engineering, and more — provide support and guidance at the corporate l
XP Inc.
A XP Inc. é uma das maiores instituições financeiras independente do Brasil, dona das marcas XP, Rico, Clear, XP Educação, InfoMoney, entre outras. Com mais de 4,6 milhões de clientes ativos e um valor superior a R$ 1,1 trilhão de ativos sob custódia, há 23 anos vem transformando o mercado financeir
Dubai Holding
Dubai Holding is a diversified global investment company that continues to power Dubai’s growth across 10 key sectors, including real estate, hospitality, leisure & entertainment, media, ICT, design, education, retail, manufacturing & logistics and science. Since 2004, we have made strides with an
MUFG
MUFG (Mitsubishi UFJ Financial Group) is one of the world's leading financial groups. Headquartered in Tokyo and with over 360 years of history, MUFG has a global network with over 2,100 locations in more than 40 markets including the Americas, Europe, the Middle East and Africa, Asia and Oceania. T
American Express
At American Express, we know that with the right backing, people and businesses have the power to progress in incredible ways. Whether we’re supporting our customers’ financial confidence to move ahead, taking commerce to new heights, or encouraging people to explore the world, our colleagues are co
.png)
SONAE CyberSecurity News
September 24, 2025 07:00 AM
Duel Raises $16 Million in Series A
Duel, a New York-based brand advocacy platform for consumer retail brands, has raised $16 million in Series A funding, bringing its total...
September 03, 2025 07:00 AM
Tidal Cyber raises $10m to scale cybersecurity platform
Tidal Cyber, a Virginia-based cybersecurity company focused on Threat-Led Defence, has raised $10m in a Series A round led by Bright Pixel...
September 03, 2025 07:00 AM
Tidal Cyber Secures $10M to Expand Threat-Led Defense
Tidal Cyber has raised $10 million in Series A funding, led by Bright Pixel Capital with support from existing investors.
March 06, 2025 08:00 AM
Knostic Raises $11 Million in Funding
Knostic, a Herndon, VA-based cybersecurity company that provides need-to-know LLM access controls, has secured $11 million in funding.
March 05, 2025 08:00 AM
Knostic Nabs $11 Million to Eliminate Enterprise AI Data Leaks
PRNewswire/ -- Knostic, the world's first provider of need-to-know access controls for Generative AI, today celebrates an $11 million...
February 12, 2025 08:00 AM
Cybersecurity startup Jscrambler to beef up client-side protection with €5 million
Porto-based Jscrambler, a cybersecurity startup focused on client-side protection, today announced the completion of a €5 million investment round.
November 22, 2024 08:00 AM
Trustero Raises $10.35 Million in Series A
Trustero, a Palo Alto, CA-based provider of AI-powered security and compliance solutions, has raised $10.35 million in Series A funding.
September 25, 2024 07:00 AM
Tamnoon raises $12M Series A for cloud security remediation platform
The Israeli startup has developed a hybrid human-AI managed service that reduces cloud exposures and enhances cloud security by optimizing...
September 25, 2024 07:00 AM
Tamnoon Raises $12M Series A Fueling First Hybrid Human-AI Managed Cloud Security Remediation Service
Tamnoon, a leader in Managed Cloud Security Remediation, today announced it has raised $12 million in Series A funding.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
SONAE CyberSecurity History Information
Official Website of SONAE
The official website of SONAE is http://www.sonae.pt.
SONAE’s AI-Generated Cybersecurity Score
According to Rankiteo, SONAE’s AI-generated cybersecurity score is 766, reflecting their Fair security posture.
How many security badges does SONAE’ have ?
According to Rankiteo, SONAE currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does SONAE have SOC 2 Type 1 certification ?
According to Rankiteo, SONAE is not certified under SOC 2 Type 1.
Does SONAE have SOC 2 Type 2 certification ?
According to Rankiteo, SONAE does not hold a SOC 2 Type 2 certification.
Does SONAE comply with GDPR ?
According to Rankiteo, SONAE is not listed as GDPR compliant.
Does SONAE have PCI DSS certification ?
According to Rankiteo, SONAE does not currently maintain PCI DSS compliance.
Does SONAE comply with HIPAA ?
According to Rankiteo, SONAE is not compliant with HIPAA regulations.
Does SONAE have ISO 27001 certification ?
According to Rankiteo,SONAE is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of SONAE
SONAE operates primarily in the Financial Services industry.
Number of Employees at SONAE
SONAE employs approximately 22,394 people worldwide.
Subsidiaries Owned by SONAE
SONAE presently has no subsidiaries across any sectors.
SONAE’s LinkedIn Followers
SONAE’s official LinkedIn profile has approximately 325,625 followers.
NAICS Classification of SONAE
SONAE is classified under the NAICS code 52, which corresponds to Finance and Insurance.
SONAE’s Presence on Crunchbase
No, SONAE does not have a profile on Crunchbase.
SONAE’s Presence on LinkedIn
Yes, SONAE maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/sonae.
Cybersecurity Incidents Involving SONAE
As of November 27, 2025, Rankiteo reports that SONAE has not experienced any cybersecurity incidents.
Number of Peer and Competitor Companies
SONAE has an estimated 29,523 peer or competitor companies worldwide.
SONAE CyberSecurity History Information
How many cyber incidents has SONAE faced ?
Total Incidents: According to Rankiteo, SONAE has faced 0 incidents in the past.
What types of cybersecurity incidents have occurred at SONAE ?
Incident Types: The types of cybersecurity incidents that have occurred include .
Incident Details
What are the most common types of attacks the company has faced ?
Additional Questions
.png)
Latest Global CVEs (Not Company-Specific)
Description
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.
Risk Information
cvss4
Base: 7.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
- https://github.com/angular/angular/commit/0276479e7d0e280e0f8d26fa567d3b7aa97a516f
- https://github.com/angular/angular/commit/05fe6686a97fa0bcd3cf157805b3612033f975bc
- https://github.com/angular/angular/commit/3240d856d942727372a705252f7c8c115394a41e
- https://github.com/angular/angular/releases/tag/19.2.16
- https://github.com/angular/angular/releases/tag/20.3.14
- https://github.com/angular/angular/releases/tag/21.0.1
- https://github.com/angular/angular/security/advisories/GHSA-58c5-g7wp-6w37
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 6.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=sonae' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
