Superdrug
Company Details
Linkedin ID:
superdrug
Website:
Employees number:
8,307
Number of followers:
153,033
NAICS:
43
Industry Type:
Homepage:
superdrug.com
IP Addresses:
0
Company ID:
SUP_1884868
Scan Status:
In-progress
Superdrug Company CyberSecurity Posture
superdrug.com
Our vision is to be the best in everyday accessible beauty and health. It’s our mission to be our customers first choice for up to the minute beauty and health, loved for value, choice and friendly advice, online and instore. We stock the biggest beauty and health brands, as well as exclusive brands and products that can only be found at Superdrug. We’re proud of our Own Brands, from Studio London cosmetics to B. Skin, we believe that efficacy and value can work together to deliver incredible results. Our Own Brand products are cruelty free and carry the leaping bunny logo, certified by Cruelty Free International. Our Healthcare teams deliver instore and online services to patients up and down the country. From free blood pressure checks to travel vaccinations and phlebotomy services to Online Doctor, we support thousands of customers every week. Our Beauty Studios continue to grow rapidly, offering a range of services from piercing to Hair cuts in our biggest Beauty Studios. Superdrug is part of AS Watson Group, the world’s largest international health and beauty retailer operating over 17,000 stores under 12 retail brands in 31 markets, with over 130,000 employees worldwide. For the fiscal year 2024, AS Watson Group recorded revenue of over US$24 billion. Every year, it is serving over 6 billion shoppers via its O+O (Offline plus Online) platforms, providing tech-enabled retail experience to customers offline and online.
Superdrug A.I CyberSecurity Scoring
Superdrug Risk Score (AI oriented)Between 750 and 799
Superdrug
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
Superdrug Global Score (TPRM)XXXX
Superdrug
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
Superdrug Company CyberSecurity News & History
Past Incidents
1
Attack Types
1
Superdrug
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: Superdrug experienced a data breach affecting 20,000 individuals. They were contacted by hackers who claimed to have a number of our customer’s online shopping information. There is no evidence that Superdrug systems have been compromised. The criminals had got customers’ email addresses and passwords from other websites . They then used those credentials to access accounts on Superdrug's website. The types of personal information stolen were Names, Addresses, Dates of birth, Phone numbers, Point balances, Password advice.
Superdrug Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for Superdrug
Incidents vs Retail Industry Average (This Year)
No incidents recorded for Superdrug in 2026.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Superdrug in 2026.
Incident Types Superdrug vs Retail Industry Avg (This Year)
No incidents recorded for Superdrug in 2026.
Incident History — Superdrug (X = Date, Y = Severity)
Superdrug cyber incidents detection timeline including parent company and subsidiaries
Superdrug Company Subsidiaries
Our vision is to be the best in everyday accessible beauty and health. It’s our mission to be our customers first choice for up to the minute beauty and health, loved for value, choice and friendly advice, online and instore. We stock the biggest beauty and health brands, as well as exclusive brands and products that can only be found at Superdrug. We’re proud of our Own Brands, from Studio London cosmetics to B. Skin, we believe that efficacy and value can work together to deliver incredible results. Our Own Brand products are cruelty free and carry the leaping bunny logo, certified by Cruelty Free International. Our Healthcare teams deliver instore and online services to patients up and down the country. From free blood pressure checks to travel vaccinations and phlebotomy services to Online Doctor, we support thousands of customers every week. Our Beauty Studios continue to grow rapidly, offering a range of services from piercing to Hair cuts in our biggest Beauty Studios. Superdrug is part of AS Watson Group, the world’s largest international health and beauty retailer operating over 17,000 stores under 12 retail brands in 31 markets, with over 130,000 employees worldwide. For the fiscal year 2024, AS Watson Group recorded revenue of over US$24 billion. Every year, it is serving over 6 billion shoppers via its O+O (Offline plus Online) platforms, providing tech-enabled retail experience to customers offline and online.
Loading...
Superdrug Similar Companies
Big Lots is an off-price retailer, offering bargains on everything for the home, including furniture, décor, pantry essentials, kitchenware, pet supplies, and more. Big Lots fulfills its mission to help customers "Live Big and Save Lots" by strategically sourcing bargains in a variety of creative w
Sally Beauty Holdings, Inc. (“Sally”) through its affiliates is the world’s largest distributor of professional beauty supplies. Sally provides the channels that allow manufacturers of beauty supplies to reach customers, both professional and non-professional. Sally Beauty Company, Inc. began a
Toys"R"Us
Toys“R”Us is a beloved brand known all around the world—and we know how to have fun! For over 70 years we've been the toy authority and ambassadors of all things play. Our new vision looks beyond traditional retail for a re-imagined, immersive experience for kids of all ages. We've got a whole new w
Advance Auto Parts
Advance Auto Parts, Inc. is a leading automotive aftermarket parts provider that serves both professional installers and do-it-yourself customers. As of October 5, 2024, Advance operated 4,781 stores primarily within the United States, with additional locations in Canada, Puerto Rico and the U.S. Vi
Victoria’s Secret & Co. (NYSE: VSCO) is a specialty retailer of modern, fashion-inspired collections including signature bras, panties, lingerie, casual sleepwear, athleisure and swim, as well as award-winning prestige fragrances and body care. VS&Co is comprised of market leading brands, Victoria’s
Specsavers
Specsavers began 40 years ago with the vision of two optometrists, Doug and Mary Perkins, who set out to provide best-value eyecare to everybody. Their passion for optometry has led Specsavers to become the largest privately-owned optical group in the world, delivering high-quality, affordable opt
Burlington Stores, Inc.
Burlington Stores, Inc., headquartered in New Jersey, is a nationally recognized off-price retailer. Burlington is a Fortune 500 company and its common stock is traded on the New York Stock Exchange under the ticker symbol “BURL.” The Company operates more than 1000 stores, in 46 states, Washington
Albert Heijn
Bij Albert Heijn geloven we dat eten en drinken een essentiële rol speelt bij de grote uitdagingen in de maatschappij. Het levert een belangrijke bijdrage aan een gezonde levensstijl, het verbindt mensen en draagt bij aan een beter klimaat en daarmee een duurzame samenleving. Onze missie is dan ook:
Tractor Supply Company
For more than 85 years, Tractor Supply has been passionate about serving the needs of recreational farmers, ranchers, homeowners, gardeners, pet enthusiasts and all those who enjoy living Life Out Here. Tractor Supply is the largest rural lifestyle retailer in the U.S., ranking 296 on the Fortune 50
.png)
Superdrug CyberSecurity News
August 21, 2025 07:00 AM
The most common retail cybersecurity challenges
Retail cybersecurity challenges are not just about cyber attacks. Explore the hidden obstacles retailers face in securing data, systems,...
August 22, 2018 07:00 AM
Superdrug targeted by hackers who claim to have 20,000 customer details
Superdrug has advised its online customers to change their passwords after the high street chain was targeted by hackers claiming to have stolen the personal...
August 22, 2018 07:00 AM
Superdrug 'hacked' and held to ransom over personal customer data
An online hacker claims that approximately 20000 customers have been compromised, although Superdrug says it has only seen 386.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
Superdrug CyberSecurity History Information
Official Website of Superdrug
The official website of Superdrug is https://http://www.superdrug.com.
Superdrug’s AI-Generated Cybersecurity Score
According to Rankiteo, Superdrug’s AI-generated cybersecurity score is 778, reflecting their Fair security posture.
How many security badges does Superdrug’ have ?
According to Rankiteo, Superdrug currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Has Superdrug been affected by any supply chain cyber incidents ?
According to Rankiteo, Superdrug has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.
Does Superdrug have SOC 2 Type 1 certification ?
According to Rankiteo, Superdrug is not certified under SOC 2 Type 1.
Does Superdrug have SOC 2 Type 2 certification ?
According to Rankiteo, Superdrug does not hold a SOC 2 Type 2 certification.
Does Superdrug comply with GDPR ?
According to Rankiteo, Superdrug is not listed as GDPR compliant.
Does Superdrug have PCI DSS certification ?
According to Rankiteo, Superdrug does not currently maintain PCI DSS compliance.
Does Superdrug comply with HIPAA ?
According to Rankiteo, Superdrug is not compliant with HIPAA regulations.
Does Superdrug have ISO 27001 certification ?
According to Rankiteo,Superdrug is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Superdrug
Superdrug operates primarily in the Retail industry.
Number of Employees at Superdrug
Superdrug employs approximately 8,307 people worldwide.
Subsidiaries Owned by Superdrug
Superdrug presently has no subsidiaries across any sectors.
Superdrug’s LinkedIn Followers
Superdrug’s official LinkedIn profile has approximately 153,033 followers.
NAICS Classification of Superdrug
Superdrug is classified under the NAICS code 43, which corresponds to Retail Trade.
Superdrug’s Presence on Crunchbase
No, Superdrug does not have a profile on Crunchbase.
Superdrug’s Presence on LinkedIn
Yes, Superdrug maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/superdrug.
Cybersecurity Incidents Involving Superdrug
As of January 25, 2026, Rankiteo reports that Superdrug has experienced 1 cybersecurity incidents.
Number of Peer and Competitor Companies
Superdrug has an estimated 15,595 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Superdrug ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
Incident Details
Can you provide details on each incident ?
Title: Superdrug Data Breach
Description: Superdrug experienced a data breach affecting 20,000 individuals. They were contacted by hackers who claimed to have a number of our customer’s online shopping information. There is no evidence that Superdrug systems have been compromised. The criminals had got customers’ email addresses and passwords from other websites. They then used those credentials to access accounts on Superdrug's website. The types of personal information stolen were Names, Addresses, Dates of birth, Phone numbers, Point balances, Password advice.
Type: Data Breach
Attack Vector: Credential Stuffing
Vulnerability Exploited: Reused credentials
Threat Actor: Unknown
Motivation: Data Theft
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach SUP23281122
Data Compromised: Names, Addresses, Dates of birth, Phone numbers, Point balances, Password advice
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Names, Addresses, Dates Of Birth, Phone Numbers, Point Balances, Password Advice and .
Which entities were affected by each incident ?
Incident : Data Breach SUP23281122
Entity Name: Superdrug
Entity Type: Company
Industry: Retail
Customers Affected: 20000
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach SUP23281122
Type of Data Compromised: Names, Addresses, Dates of birth, Phone numbers, Point balances, Password advice
Number of Records Exposed: 20000
Sensitivity of Data: Medium
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident was an Unknown.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Names, Addresses, Dates of birth, Phone numbers, Point balances, Password advice and .
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Names, Password advice, Dates of birth, Phone numbers, Addresses and Point balances.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 200.0.
.png)
Latest Global CVEs (Not Company-Specific)
Description
Typemill is a flat-file, Markdown-based CMS designed for informational documentation websites. A reflected Cross-Site Scripting (XSS) exists in the login error view template `login.twig` of versions 2.19.1 and below. The `username` value can be echoed back without proper contextual encoding when authentication fails. An attacker can execute script in the login page context. This issue has been fixed in version 2.19.2.
Risk Information
cvss3
Base: 5.4
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Description
A DOM-based Cross-Site Scripting (XSS) vulnerability exists in the DomainCheckerApp class within domain/script.js of Sourcecodester Domain Availability Checker v1.0. The vulnerability occurs because the application improperly handles user-supplied data in the createResultElement method by using the unsafe innerHTML property to render domain search results.
Description
A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Modern Image Gallery App v1.0 within the gallery/upload.php component. The application fails to properly validate uploaded file contents. Additionally, the application preserves the user-supplied file extension during the save process. This allows an unauthenticated attacker to upload arbitrary PHP code by spoofing the MIME type as an image, leading to full system compromise.
Description
A UNIX symbolic link following issue in the jailer component in Firecracker version v1.13.1 and earlier and 1.14.0 on Linux may allow a local host user with write access to the pre-created jailer directories to overwrite arbitrary host files via a symlink attack during the initialization copy at jailer startup, if the jailer is executed with root privileges. To mitigate this issue, users should upgrade to version v1.13.2 or 1.14.1 or above.
Risk Information
cvss3
Base: 6.0
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
cvss4
Base: 6.0
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description
An information disclosure vulnerability exists in the /srvs/membersrv/getCashiers endpoint of the Aptsys gemscms backend platform thru 2025-05-28. This unauthenticated endpoint returns a list of cashier accounts, including names, email addresses, usernames, and passwords hashed using MD5. As MD5 is a broken cryptographic function, the hashes can be easily reversed using public tools, exposing user credentials in plaintext. This allows remote attackers to perform unauthorized logins and potentially gain access to sensitive POS operations or backend functions.
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=superdrug' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
