CHE
Company Details
Linkedin ID:
the-chronicle-of-higher-education
Website:
Employees number:
810
Number of followers:
485,086
NAICS:
51111
Industry Type:
Homepage:
chronicle.com
IP Addresses:
0
Company ID:
THE_2082818
Scan Status:
In-progress
The Chronicle of Higher Education Company CyberSecurity Posture
chronicle.com
Since its founding in 1966, The Chronicle has grown to serve millions of educators, administrators, researchers, and policymakers who rely on insights from The Chronicle to lead, teach, learn, and innovate. The Chronicle’s independent newsroom – the nation’s largest dedicated to covering colleges and universities – is home to award-winning journalists, experts, and data analysts with a passion for serving audiences with indispensable news and actionable insights on issues that matter.
The Chronicle of Higher Education A.I CyberSecurity Scoring
CHE Risk Score (AI oriented)Between 750 and 799
CHE
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
CHE Global Score (TPRM)XXXX
CHE
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
CHE Company CyberSecurity News & History
Past Incidents
2
Attack Types
2
The Chronicle of Higher Education, Inc.
Breach
Rankiteo Explanation
Attack without any consequences
Description: The California Office of the Attorney General reported a data breach involving The Chronicle of Higher Education, Inc. on May 13, 2020. The breach occurred on February 17, 2020, due to unauthorized access to a server, which exposed usernames and hashed and salted passwords for online accounts on chronicle.com, philanthropy.com, and chroniclevitae.com. The number of individuals affected is unknown.
The Chronicle of Higher Education, Inc.
Vulnerability
Rankiteo Explanation
Attack without any consequences
Description: The California Office of the Attorney General reported a data breach involving The Chronicle of Higher Education, Inc. on July 10, 2020. The breach occurred on June 15, 2020, and unauthorized parties exploited a vulnerability, potentially accessing user names, email addresses, and passwords, though no specific number of affected individuals is mentioned.
CHE Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for CHE
Incidents vs Newspaper Publishing Industry Average (This Year)
No incidents recorded for The Chronicle of Higher Education in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for The Chronicle of Higher Education in 2025.
Incident Types CHE vs Newspaper Publishing Industry Avg (This Year)
No incidents recorded for The Chronicle of Higher Education in 2025.
Incident History — CHE (X = Date, Y = Severity)
CHE cyber incidents detection timeline including parent company and subsidiaries
CHE Company Subsidiaries
Since its founding in 1966, The Chronicle has grown to serve millions of educators, administrators, researchers, and policymakers who rely on insights from The Chronicle to lead, teach, learn, and innovate. The Chronicle’s independent newsroom – the nation’s largest dedicated to covering colleges and universities – is home to award-winning journalists, experts, and data analysts with a passion for serving audiences with indispensable news and actionable insights on issues that matter.
Loading...
CHE Similar Companies
Winner of 37 Pulitzer Prizes for outstanding journalism, The Wall Street Journal includes coverage of U.S. and world news, politics, arts, culture, lifestyle, sports, health and more. It's a critical resource of curated content in print, online and mobile apps, complete with breaking news streams, i
.png)
CHE CyberSecurity News
November 11, 2025 12:15 PM
Massive data breach at St. Thomas came after stern warnings, IT service switch
University of St. Thomas data breach exposed student information, reports on misconduct complaints, expunged criminal records and...
November 10, 2025 10:10 PM
Cybersecurity firm chief fosters employee loyalty in a chaotic field
Rob Jansen, a winner in Atlanta Business Chronicle's 2025 Most Admired CEO Awards, is proud that many employees have worked for his firm for...
November 04, 2025 08:00 AM
An Apparent Mass Hack at Penn Exposes Higher Ed’s Security Weaknesses
An apparent mass data breach and document leak have disrupted the University of Pennsylvania over the past five days, sparking a lawsuit and...
November 03, 2025 03:17 AM
Hooked by phish: Security offices test Duke community in annual phishing awareness campaign
Were you offered free tickets to see “Harry Potter and the Cursed Child” at the Durham Performing Arts Center? Many Duke community members...
October 14, 2025 07:00 AM
University of St. Thomas releases little information following massive data breach: Houston Chronicle
A hacking group has taken responsibility for a data breach at The University of St. Thomas, according to ABC13's partners at the Houston...
October 14, 2025 07:00 AM
Maryville and SLU Team Up with Women in Cybersecurity to Close the Cyber Talent Gap - MPress
Maryville University and Saint Louis University Women in Cybersecurity team up to address the shortage of cybersecurity professionals.
October 14, 2025 07:00 AM
Leaked documents reveal scope of St. Thomas exposure during massive data breach
University of St. Thomas officials warned of a ransomware attack in August, but didn't share the extent of the breach as records were put on...
October 11, 2025 07:00 AM
Joanne Sexton Obituary
It is with heavy hearts and deep sorrow that we announce the passing of our beloved Joanne Sexton “Jo”, resident of Evans, Georgia at age 72...
October 10, 2025 06:51 AM
KFUPM’s Reinvention: A Bold University Model for a New Global Reality
Few universities attempt such a reinvention—fewer still succeed. So how did KFUPM do it?”
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
CHE CyberSecurity History Information
Official Website of The Chronicle of Higher Education
The official website of The Chronicle of Higher Education is http://chronicle.com.
The Chronicle of Higher Education’s AI-Generated Cybersecurity Score
According to Rankiteo, The Chronicle of Higher Education’s AI-generated cybersecurity score is 752, reflecting their Fair security posture.
How many security badges does The Chronicle of Higher Education’ have ?
According to Rankiteo, The Chronicle of Higher Education currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does The Chronicle of Higher Education have SOC 2 Type 1 certification ?
According to Rankiteo, The Chronicle of Higher Education is not certified under SOC 2 Type 1.
Does The Chronicle of Higher Education have SOC 2 Type 2 certification ?
According to Rankiteo, The Chronicle of Higher Education does not hold a SOC 2 Type 2 certification.
Does The Chronicle of Higher Education comply with GDPR ?
According to Rankiteo, The Chronicle of Higher Education is not listed as GDPR compliant.
Does The Chronicle of Higher Education have PCI DSS certification ?
According to Rankiteo, The Chronicle of Higher Education does not currently maintain PCI DSS compliance.
Does The Chronicle of Higher Education comply with HIPAA ?
According to Rankiteo, The Chronicle of Higher Education is not compliant with HIPAA regulations.
Does The Chronicle of Higher Education have ISO 27001 certification ?
According to Rankiteo,The Chronicle of Higher Education is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of The Chronicle of Higher Education
The Chronicle of Higher Education operates primarily in the Newspaper Publishing industry.
Number of Employees at The Chronicle of Higher Education
The Chronicle of Higher Education employs approximately 810 people worldwide.
Subsidiaries Owned by The Chronicle of Higher Education
The Chronicle of Higher Education presently has no subsidiaries across any sectors.
The Chronicle of Higher Education’s LinkedIn Followers
The Chronicle of Higher Education’s official LinkedIn profile has approximately 485,086 followers.
NAICS Classification of The Chronicle of Higher Education
The Chronicle of Higher Education is classified under the NAICS code 51111, which corresponds to Newspaper Publishers.
The Chronicle of Higher Education’s Presence on Crunchbase
No, The Chronicle of Higher Education does not have a profile on Crunchbase.
The Chronicle of Higher Education’s Presence on LinkedIn
Yes, The Chronicle of Higher Education maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/the-chronicle-of-higher-education.
Cybersecurity Incidents Involving The Chronicle of Higher Education
As of November 28, 2025, Rankiteo reports that The Chronicle of Higher Education has experienced 2 cybersecurity incidents.
Number of Peer and Competitor Companies
The Chronicle of Higher Education has an estimated 1,970 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at The Chronicle of Higher Education ?
Incident Types: The types of cybersecurity incidents that have occurred include Vulnerability and Breach.
Incident Details
Can you provide details on each incident ?
Title: Data Breach at The Chronicle of Higher Education, Inc.
Description: The California Office of the Attorney General reported a data breach involving The Chronicle of Higher Education, Inc. on May 13, 2020. The breach occurred on February 17, 2020, due to unauthorized access to a server, which exposed usernames and hashed and salted passwords for online accounts on chronicle.com, philanthropy.com, and chroniclevitae.com. The number of individuals affected is unknown.
Date Detected: 2020-02-17
Date Publicly Disclosed: 2020-05-13
Type: Data Breach
Attack Vector: Unauthorized Access
Title: Data Breach at The Chronicle of Higher Education, Inc.
Description: The California Office of the Attorney General reported a data breach involving The Chronicle of Higher Education, Inc. on July 10, 2020. The breach occurred on June 15, 2020, and unauthorized parties exploited a vulnerability, potentially accessing user names, email addresses, and passwords, though no specific number of affected individuals is mentioned.
Date Detected: 2020-06-15
Date Publicly Disclosed: 2020-07-10
Type: Data Breach
Attack Vector: Exploitation of Vulnerability
Threat Actor: Unauthorized Parties
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach THE630072525
Data Compromised: Usernames, Hashed and salted passwords
Systems Affected: chronicle.comphilanthropy.comchroniclevitae.com
Incident : Data Breach THE814072625
Data Compromised: User names, Email addresses, Passwords
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Usernames, Hashed And Salted Passwords, , User Names, Email Addresses, Passwords and .
Which entities were affected by each incident ?
Incident : Data Breach THE630072525
Entity Name: The Chronicle of Higher Education, Inc.
Entity Type: Company
Industry: Education
Incident : Data Breach THE814072625
Entity Name: The Chronicle of Higher Education, Inc.
Entity Type: Company
Industry: Education
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach THE630072525
Type of Data Compromised: Usernames, Hashed and salted passwords
Incident : Data Breach THE814072625
Type of Data Compromised: User names, Email addresses, Passwords
References
Where can I find more information about each incident ?
Incident : Data Breach THE630072525
Source: California Office of the Attorney General
Incident : Data Breach THE814072625
Source: California Office of the Attorney General
Date Accessed: 2020-07-10
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: California Office of the Attorney General, and Source: California Office of the Attorney GeneralDate Accessed: 2020-07-10.
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident was an Unauthorized Parties.
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2020-02-17.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2020-07-10.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were usernames, hashed and salted passwords, , User Names, Email Addresses, Passwords and .
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident was chronicle.comphilanthropy.comchroniclevitae.com.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Passwords, Email Addresses, hashed and salted passwords, User Names and usernames.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident is California Office of the Attorney General.
.png)
Latest Global CVEs (Not Company-Specific)
Description
ThingsBoard in versions prior to v4.2.1 allows an authenticated user to upload malicious SVG images via the "Image Gallery", leading to a Stored Cross-Site Scripting (XSS) vulnerability. The exploit can be triggered when any user accesses the public API endpoint of the malicious SVG images, or if the malicious images are embedded in an `iframe` element, during a widget creation, deployed to any page of the platform (e.g., dashboards), and accessed during normal operations. The vulnerability resides in the `ImageController`, which fails to restrict the execution of JavaScript code when an image is loaded by the user's browser. This vulnerability can lead to the execution of malicious code in the context of other users' sessions, potentially compromising their accounts and allowing unauthorized actions.
Risk Information
cvss4
Base: 6.2
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to to verify that the token used during the code exchange originates from the same authentication flow, which allows an authenticated user to perform account takeover via a specially crafted email address used when switching authentication methods and sending a request to the /users/login/sso/code-exchange endpoint. The vulnerability requires ExperimentalEnableAuthenticationTransfer to be enabled (default: enabled) and RequireEmailVerification to be disabled (default: disabled).
Risk Information
cvss3
Base: 9.9
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
References
Description
Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to sanitize team email addresses to be visible only to Team Admins, which allows any authenticated user to view team email addresses via the GET /api/v4/channels/{channel_id}/common_teams endpoint
Risk Information
cvss3
Base: 4.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
References
Description
Exposure of email service credentials to users without administrative rights in Devolutions Server.This issue affects Devolutions Server: before 2025.2.21, before 2025.3.9.
Description
Exposure of credentials in unintended requests in Devolutions Server.This issue affects Server: through 2025.2.20, through 2025.3.8.
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=the-chronicle-of-higher-education' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
