HC
Company Details
Linkedin ID:
the-hershey-company
Employees number:
10,932
Number of followers:
495,788
NAICS:
30
Industry Type:
Homepage:
thehersheycompany.com
IP Addresses:
6
Company ID:
THE_3320418
Scan Status:
Completed
The Hershey Company Company CyberSecurity Posture
thehersheycompany.com
The Hershey Company is headquartered in Hershey, Pa., and is an industry-leading snacks company with a purpose to make more moments of goodness through its iconic brands. Hershey has approximately 20,000 employees around the world who work every day to deliver delicious, quality products. The company has more than 70 brands around the world that drive more than $11 billion in annual revenues, including such beloved brands like HERSHEY'S, REESE'S, KIT KAT®, JOLLY RANCHER, ICE BREAKERS, SHAQ-A-LICIOUS, SKINNYPOP and DOT'S HOMESTYLE PRETZEL'S. For more than 130 years, Hershey has been committed to operating responsibly and supporting its people and communities. Hershey founder, Milton Hershey, created Milton Hershey School in 1909, and since then, the company has focused on helping children succeed through access to education.
The Hershey Company A.I CyberSecurity Scoring
HC Risk Score (AI oriented)Between 750 and 799
HC
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
HC Global Score (TPRM)XXXX
HC
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
HC Company CyberSecurity News & History
Past Incidents
1
Attack Types
1
The Hershey Company
Breach
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: The Vermont Attorney General reported a data breach involving The Hershey Company on December 1, 2023. The breach occurred between September 3 and 4, 2023, when an unauthorized user accessed a limited number of email accounts, potentially exposing personal information such as names, Social Security Numbers, and health information. The number of affected individuals is unknown.
HC Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for HC
Incidents vs Manufacturing Industry Average (This Year)
No incidents recorded for The Hershey Company in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for The Hershey Company in 2025.
Incident Types HC vs Manufacturing Industry Avg (This Year)
No incidents recorded for The Hershey Company in 2025.
Incident History — HC (X = Date, Y = Severity)
HC cyber incidents detection timeline including parent company and subsidiaries
HC Company Subsidiaries
The Hershey Company is headquartered in Hershey, Pa., and is an industry-leading snacks company with a purpose to make more moments of goodness through its iconic brands. Hershey has approximately 20,000 employees around the world who work every day to deliver delicious, quality products. The company has more than 70 brands around the world that drive more than $11 billion in annual revenues, including such beloved brands like HERSHEY'S, REESE'S, KIT KAT®, JOLLY RANCHER, ICE BREAKERS, SHAQ-A-LICIOUS, SKINNYPOP and DOT'S HOMESTYLE PRETZEL'S. For more than 130 years, Hershey has been committed to operating responsibly and supporting its people and communities. Hershey founder, Milton Hershey, created Milton Hershey School in 1909, and since then, the company has focused on helping children succeed through access to education.
Loading...
HC Similar Companies
ITC is one of India's foremost private sector companies with a Gross Revenue of ₹ 69,446 crores and Net Profit of ₹ 20,422 crores (as on 31.03.2024). ITC has a diversified presence in FMCG, Packaging, Paperboards & Specialty Papers and Agri-Business. ITC's aspiration to be an exemplar in sustainabil
A journey that began 75 years ago in a corner of India and has since traversed the world over. Uniting people from across countries, cultures, and customs over the years with a multitude of different dreams, there's power in an idea. An idea that gave rise to brands that stood the test of time, with
We are EssilorLuxottica, a global leader in the design, manufacture and distribution of ophthalmic lenses, frames and sunglasses. Formed in 2018 by the combination of Essilor and Luxottica, our Company combines two centuries of innovation and human endeavour to elevate vision care and the consumer e
RAK Ceramics
RAK Ceramics is one of the largest ceramics’ brands in the world. Specialising in ceramic and gres porcelain wall and floor tiles, tableware, sanitaryware and faucets, the Company has the capacity to produce 118 million square meters of tiles, 5.7 million pieces of sanitaryware, 36 million pieces of
SC Johnson
We’re SC Johnson, a family company at work for a better world™. We are a leading manufacturer of household cleaning products and products for home storage, air care, pest control, shoe care and professional products. SC Johnson’s high-quality products and iconic brands include OFF!®, Raid®, Glade®,
Kellogg Company
At Kellanova, our vision is to be the world’s best performing snacks-led powerhouse, unleashing the full potential of our differentiated brands and our passionate people. Powered by our strategy to Differentiate, Drive & Deliver, we are a leading company in global snacking, international cereal and
Godrej Enterprises Group
Since 1897, Godrej Enterprises Group (which includes Godrej & Boyce and its affiliates) has contributed significantly to India’s economic growth and self-reliance by providing complex engineering, design led innovation, and sustainable manufacturing solutions. From the world’s first patented springl
BSH Home Appliances Group
BSH is home to both globally established Appliance Brands*, such as Bosch, Siemens, Gaggenau, and Neff, in addition to seven local brands. With our Ecosystem Brand Home Connect and Service Brands such as Simply Yummy and BlueMovement, we offer consumers digital services and sustainable solutions to
We are Colgate, a caring, innovative growth company that is reimagining a healthier future for all people, their pets, and our planet. We are a leading global consumer products company with 34,000 people dedicated to improving the health and wellness of people and their pets. Focused on Oral Care, P
.png)
HC CyberSecurity News
November 06, 2025 08:00 AM
The Hershey Company (HSY) debuts 4 new holiday treats, led by Kisses Snickerdoodle
Lineup adds Hershey's Grinch Milk Chocolate Bar in 3 unique designs, Reese's Mini Trees, returning KIT KAT Santas, plus seasonal candy...
October 09, 2025 07:00 AM
Reese's OREO® Cup Debut — Hershey Unveils New SKU at NACS Show; Salty Snacks +9.5% YTD
Hershey unveils Reese's OREO® Cup at NACS Show (Oct 15–17) and spotlights Jolly Rancher Ropes, Shaq-A-Licious; sweets up 23.2% and 60% of...
August 18, 2025 07:00 AM
The Hershey Company Appoints Natalie Rothman as Chief Human Resources Officer
The Hershey Company (NYSE: HSY) today announced the appointment of Natalie Rothman as Chief Human Resources Officer, effective August 18,...
July 23, 2025 07:00 AM
Hershey, Nestle, other cocoa companies defeat appeal of child slavery lawsuit
A federal appeals court on Tuesday rejected a proposed class action by eight Malian citizens who sought to hold Hershey , Nestle and five...
July 11, 2025 07:00 AM
Top Canadian employers hiring for jobs qualifying for category-based draws under Express Entry
Canada's top employers hire for a range of positions across several industries and sectors, many of which are eligible for category-based...
July 08, 2025 07:00 AM
The Hershey Company Appoints Kirk Tanner as CEO
The Hershey Company (NYSE: HSY) today announced that its Board of Directors has appointed Kirk Tanner to succeed Michele Buck as President and Chief Executive...
June 17, 2025 07:00 AM
US critical networks are prime targets for cyberattacks. They’re preparing for Iran to strike.
Organizations across the country are stepping up their vigilance as the conflict between Iran and Israel widens.
June 02, 2025 07:00 AM
5 Oversold Stocks to Buy Before They Break Out
On this week's episode of The Morning Filter podcast, Dave Sekera and Susan Dziubinski discuss the on-again/off-again state of tariffs,...
June 02, 2025 07:00 AM
Hershey (HSY): Company Profile, Stock Price, News, Rankings
An icon in the chocolate space and famous for its candy bars and Kisses, the Hershey Company was founded in 1894 and specializes in...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
HC CyberSecurity History Information
Official Website of The Hershey Company
The official website of The Hershey Company is https://www.thehersheycompany.com/.
The Hershey Company’s AI-Generated Cybersecurity Score
According to Rankiteo, The Hershey Company’s AI-generated cybersecurity score is 785, reflecting their Fair security posture.
How many security badges does The Hershey Company’ have ?
According to Rankiteo, The Hershey Company currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does The Hershey Company have SOC 2 Type 1 certification ?
According to Rankiteo, The Hershey Company is not certified under SOC 2 Type 1.
Does The Hershey Company have SOC 2 Type 2 certification ?
According to Rankiteo, The Hershey Company does not hold a SOC 2 Type 2 certification.
Does The Hershey Company comply with GDPR ?
According to Rankiteo, The Hershey Company is not listed as GDPR compliant.
Does The Hershey Company have PCI DSS certification ?
According to Rankiteo, The Hershey Company does not currently maintain PCI DSS compliance.
Does The Hershey Company comply with HIPAA ?
According to Rankiteo, The Hershey Company is not compliant with HIPAA regulations.
Does The Hershey Company have ISO 27001 certification ?
According to Rankiteo,The Hershey Company is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of The Hershey Company
The Hershey Company operates primarily in the Manufacturing industry.
Number of Employees at The Hershey Company
The Hershey Company employs approximately 10,932 people worldwide.
Subsidiaries Owned by The Hershey Company
The Hershey Company presently has no subsidiaries across any sectors.
The Hershey Company’s LinkedIn Followers
The Hershey Company’s official LinkedIn profile has approximately 495,788 followers.
NAICS Classification of The Hershey Company
The Hershey Company is classified under the NAICS code 30, which corresponds to Manufacturing.
The Hershey Company’s Presence on Crunchbase
No, The Hershey Company does not have a profile on Crunchbase.
The Hershey Company’s Presence on LinkedIn
Yes, The Hershey Company maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/the-hershey-company.
Cybersecurity Incidents Involving The Hershey Company
As of November 27, 2025, Rankiteo reports that The Hershey Company has experienced 1 cybersecurity incidents.
Number of Peer and Competitor Companies
The Hershey Company has an estimated 7,601 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at The Hershey Company ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
Incident Details
Can you provide details on each incident ?
Title: Data Breach at The Hershey Company
Description: The Vermont Attorney General reported a data breach involving The Hershey Company on December 1, 2023. The breach occurred between September 3 and 4, 2023, when an unauthorized user accessed a limited number of email accounts, potentially exposing personal information such as names, Social Security Numbers, and health information. The number of affected individuals is unknown.
Date Detected: 2023-12-01
Date Publicly Disclosed: 2023-12-01
Type: Data Breach
Attack Vector: Unauthorized Access to Email Accounts
Threat Actor: Unauthorized User
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Email Accounts.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach THE425072625
Data Compromised: Names, Social security numbers, Health information
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Names, Social Security Numbers, Health Information and .
Which entities were affected by each incident ?
Incident : Data Breach THE425072625
Entity Name: The Hershey Company
Entity Type: Corporation
Industry: Food and Beverage
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach THE425072625
Type of Data Compromised: Names, Social security numbers, Health information
Sensitivity of Data: High
References
Where can I find more information about each incident ?
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Vermont Attorney GeneralDate Accessed: 2023-12-01.
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Data Breach THE425072625
Entry Point: Email Accounts
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident was an Unauthorized User.
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2023-12-01.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2023-12-01.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Names, Social Security Numbers, Health Information and .
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Names, Social Security Numbers and Health Information.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident is Vermont Attorney General.
Initial Access Broker
What was the most recent entry point used by an initial access broker ?
Most Recent Entry Point: The most recent entry point used by an initial access broker was an Email Accounts.
.png)
Latest Global CVEs (Not Company-Specific)
Description
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.
Risk Information
cvss4
Base: 7.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
- https://github.com/angular/angular/commit/0276479e7d0e280e0f8d26fa567d3b7aa97a516f
- https://github.com/angular/angular/commit/05fe6686a97fa0bcd3cf157805b3612033f975bc
- https://github.com/angular/angular/commit/3240d856d942727372a705252f7c8c115394a41e
- https://github.com/angular/angular/releases/tag/19.2.16
- https://github.com/angular/angular/releases/tag/20.3.14
- https://github.com/angular/angular/releases/tag/21.0.1
- https://github.com/angular/angular/security/advisories/GHSA-58c5-g7wp-6w37
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 6.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=the-hershey-company' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
