TotalEnergies
Company Details
Linkedin ID:
totalenergies
Website:
Employees number:
79,389
Number of followers:
4,894,955
NAICS:
211
Industry Type:
Homepage:
totalenergies.com
IP Addresses:
0
Company ID:
TOT_1853762
Scan Status:
In-progress
TotalEnergies Company CyberSecurity Posture
totalenergies.com
Have you ever thought of offering your skills and expertise to a multinational company? Give your best to better energy and make the commitment with TotalEnergies. With over 500-plus professions in 130 countries, we offer high safety and environmental standards, strong ethical values, an innovation culture and wide-ranging career development. Be part of the global team whose mission is already shared by 105,000 employees : to be a world-class player in the energy transition
TotalEnergies A.I CyberSecurity Scoring
TotalEnergies Risk Score (AI oriented)Between 800 and 849
TotalEnergies
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
TotalEnergies Global Score (TPRM)XXXX
TotalEnergies
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
TotalEnergies Company CyberSecurity News & History
Past Incidents
1
Attack Types
1
Total Energies
Cyber Attack
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: In July 2024, **TotalEnergies Clientes SAU**, a subsidiary of the global energy corporation **TotalEnergies**, fell victim to a targeted cyberattack. The incident involved unauthorized access to one of its **sales management computer systems**, resulting in the exposure of **sensitive personal data** belonging to **210,715 customers**. The compromised information included confidential details, though the exact nature of the data (e.g., financial records, identification documents) was not publicly specified.The company responded by **collaborating with law enforcement agencies** and the **Spanish Data Protection Agency (AEPD)** to investigate the breach, mitigate risks, and pursue legal action against the perpetrators. While no ransomware was reported, the attack raised concerns over **customer privacy violations** and potential downstream risks such as identity theft or fraud. TotalEnergies emphasized efforts to **strengthen cybersecurity measures** and notify affected individuals, though the long-term reputational and operational impacts remain under assessment.
TotalEnergies Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for TotalEnergies
Incidents vs Oil and Gas Industry Average (This Year)
No incidents recorded for TotalEnergies in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for TotalEnergies in 2025.
Incident Types TotalEnergies vs Oil and Gas Industry Avg (This Year)
No incidents recorded for TotalEnergies in 2025.
Incident History — TotalEnergies (X = Date, Y = Severity)
TotalEnergies cyber incidents detection timeline including parent company and subsidiaries
TotalEnergies Company Subsidiaries
Have you ever thought of offering your skills and expertise to a multinational company? Give your best to better energy and make the commitment with TotalEnergies. With over 500-plus professions in 130 countries, we offer high safety and environmental standards, strong ethical values, an innovation culture and wide-ranging career development. Be part of the global team whose mission is already shared by 105,000 employees : to be a world-class player in the energy transition
Loading...
TotalEnergies Similar Companies
Baker Hughes (NASDAQ: BKR) is an energy technology company that provides solutions for energy and industrial customers worldwide. Built on a century of experience and conducting business in over 120 countries, our innovative technologies and services are taking energy forward – making it safer, clea
PETROVIETNAM
Petrovietnam’s business - Core business: + Exploration, Production, Refinery, Petrochemicals, Storage, Transportation and Service in Petroleum Field; + Importing and Exporting petroleum materials, equipment and productions; + Distributing oil and gas products and hydrocarbon materi
PDVSA Petróleos de Venezuela S.A.
Petróleos de Venezuela S.A. is a Venezuelan state company, began operations on January 1st, 1976 and whose activities are the oil exploration, production, refining, marketing and transportation of Venezuelan oil as well as the orimulsion, chemical, petrochemical businesses and coal. We have the lar
RussNeft
ОАО Oil and Gas Company «RussNeft» came into existence in September 2002 . The structure of OAO NK “RussNeft” counts 24 upstream enterprises, 2 refineries, its own distribution net of gas filling stations. Geographic reach of “RussNeft” covers 12 regions of Russia and CIS: Khanty-Mansi Autonomous
Shell is a global group of energy and petrochemical companies, employing 103,000 people and with operations in more than 70 countries. We serve more than 1 million commercial and industrial customers, and around 33 million customers daily at more than 47,000 Shell-branded retail service stations. O
Marathon Petroleum Corporation
Marathon Petroleum Corporation (MPC) is a leading, integrated, downstream and midstream energy company headquartered in Findlay, Ohio. The company operates the nation's largest refining system. MPC's marketing system includes branded locations across the United States, including Marathon brand retai
NOV
NOV delivers technology-driven solutions to empower the global energy industry. For more than 150 years, NOV has pioneered innovations that enable its customers to safely produce abundant energy while minimizing environmental impact. The energy industry depends on NOV’s deep expertise and technology
Transocean
Transocean is a leading international provider of offshore contract drilling services for oil and gas wells. The company specializes in technically demanding sectors of the global offshore drilling business, with a particular focus on ultra-deepwater and harsh environment drilling services and opera
Besmindo Group
Besmindo Group is a leader in providing new tool joints; repair & redress of tool joints, pup joints, drill pipes, threads for tool joints and OCTG tubing. The mission is to continually provide these and other services by promoting a reputation for excellence and value while fully anticipating, then
.png)
TotalEnergies CyberSecurity News
December 10, 2025 11:18 AM
TotalEnergies Marketing and Services harmonizes global CRM program
A major international player in the energy sector, TotalEnergies markets a wide range of petroleum products including fuels, lubricants, maps, bitumen and...
December 01, 2025 06:16 PM
Article | UK, Netherlands drop funding for TotalEnergies’ massacre-linked gas project
LONDON — The U.K. and Dutch governments have pulled out of funding a major gas project in Mozambique, the governments confirmed Monday.
November 25, 2025 11:19 AM
E&E News: Belgian farmer suing oil major over climate change
CLIMATEWIRE | TOURNAI, Belgium — Back in 2016, a freak storm destroyed the entire strawberry crop on Hugues Falys' farm in the province of...
November 21, 2025 08:00 AM
E&E News: TotalEnergies CEO warns Europeans not to be overreliant on US LNG
ENERGYWIRE | TotalEnergies CEO Patrick Pouyanne said European nations should avoid becoming too reliant on imports of U.S. liquefied natural...
November 17, 2025 08:00 AM
Eurofiber reports data breach in France, major customers affected
Eurofiber France reported that the company discovered a data breach in its internal ticket management system and the ATE customer portal on...
November 06, 2025 08:00 AM
TotalEnergies outlines three global energy scenarios to 2050
TotalEnergies has outlined three potential long-term scenarios for the global energy system, leading up to 2050, in its Energy Outlook...
November 06, 2025 07:07 AM
TotalEnergies, Data4 ink renewable power supply deal in Spain
Global energy company, TotalEnergies and European data center operator, Data4, have signed a 10-year agreement for the supply of renewable electricity to...
November 05, 2025 08:00 AM
TotalEnergies Ratawi Hub wins automation award for wireless safety system
The Iraq-based project has been recognised for implementing a safety-critical wireless gas detection system in hazardous conditions,...
November 03, 2025 08:00 AM
TotalEnergies EP Ratawi Hub Wins ISA100 Wireless Excellence in Automation Award
PRNewswire/ -- The International Society of Automation (ISA) — the leading professional society for automation — and the ISA100 Wireless...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
TotalEnergies CyberSecurity History Information
Official Website of TotalEnergies
The official website of TotalEnergies is http://www.totalenergies.com.
TotalEnergies’s AI-Generated Cybersecurity Score
According to Rankiteo, TotalEnergies’s AI-generated cybersecurity score is 822, reflecting their Good security posture.
How many security badges does TotalEnergies’ have ?
According to Rankiteo, TotalEnergies currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does TotalEnergies have SOC 2 Type 1 certification ?
According to Rankiteo, TotalEnergies is not certified under SOC 2 Type 1.
Does TotalEnergies have SOC 2 Type 2 certification ?
According to Rankiteo, TotalEnergies does not hold a SOC 2 Type 2 certification.
Does TotalEnergies comply with GDPR ?
According to Rankiteo, TotalEnergies is not listed as GDPR compliant.
Does TotalEnergies have PCI DSS certification ?
According to Rankiteo, TotalEnergies does not currently maintain PCI DSS compliance.
Does TotalEnergies comply with HIPAA ?
According to Rankiteo, TotalEnergies is not compliant with HIPAA regulations.
Does TotalEnergies have ISO 27001 certification ?
According to Rankiteo,TotalEnergies is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of TotalEnergies
TotalEnergies operates primarily in the Oil and Gas industry.
Number of Employees at TotalEnergies
TotalEnergies employs approximately 79,389 people worldwide.
Subsidiaries Owned by TotalEnergies
TotalEnergies presently has no subsidiaries across any sectors.
TotalEnergies’s LinkedIn Followers
TotalEnergies’s official LinkedIn profile has approximately 4,894,955 followers.
NAICS Classification of TotalEnergies
TotalEnergies is classified under the NAICS code 211, which corresponds to Oil and Gas Extraction.
TotalEnergies’s Presence on Crunchbase
No, TotalEnergies does not have a profile on Crunchbase.
TotalEnergies’s Presence on LinkedIn
Yes, TotalEnergies maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/totalenergies.
Cybersecurity Incidents Involving TotalEnergies
As of December 24, 2025, Rankiteo reports that TotalEnergies has experienced 1 cybersecurity incidents.
Number of Peer and Competitor Companies
TotalEnergies has an estimated 10,634 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at TotalEnergies ?
Incident Types: The types of cybersecurity incidents that have occurred include Cyber Attack.
Incident Details
Can you provide details on each incident ?
Title: TotalEnergies Clientes SAU Data Breach (July 2024)
Description: In July 2024, TotalEnergies Clientes SAU, a subsidiary of the global energy company TotalEnergies, experienced a cyberattack that compromised the personal data of 210,715 customers. The breach involved unauthorized access to one of its sales management computer systems, exposing sensitive customer information.
Type: Data Breach
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Cyber Attack.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach TOT316092125
Data Compromised: Personal data of 210,715 customers
Systems Affected: Sales management computer system
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personal data.
Which entities were affected by each incident ?
Incident : Data Breach TOT316092125
Entity Name: TotalEnergies Clientes SAU
Entity Type: Subsidiary
Industry: Energy
Location: Spain
Customers Affected: 210,715
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach TOT316092125
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach TOT316092125
Type of Data Compromised: Personal data
Number of Records Exposed: 210,715
Sensitivity of Data: Sensitive
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : Data Breach TOT316092125
Legal Actions: Pursuing legal action against responsible parties,
Regulatory Notifications: Spanish Data Protection Agency
How does the company ensure compliance with regulatory requirements ?
Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through Pursuing legal action against responsible parties, .
Additional Questions
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Personal data of 210,715 customers and .
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident was Sales management computer system.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Personal data of 210 and715 customers.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 210.7K.
Regulatory Compliance
What was the most significant legal action taken for a regulatory violation ?
Most Significant Legal Action: The most significant legal action taken for a regulatory violation was Pursuing legal action against responsible parties, .
.png)
Latest Global CVEs (Not Company-Specific)
Description
Marshmallow is a lightweight library for converting complex objects to and from simple Python datatypes. In versions from 3.0.0rc1 to before 3.26.2 and from 4.0.0 to before 4.1.2, Schema.load(data, many=True) is vulnerable to denial of service attacks. A moderately sized request can consume a disproportionate amount of CPU time. This issue has been patched in version 3.26.2 and 4.1.2.
Risk Information
cvss3
Base: 5.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Description
KEDA is a Kubernetes-based Event Driven Autoscaling component. Prior to versions 2.17.3 and 2.18.3, an Arbitrary File Read vulnerability has been identified in KEDA, potentially affecting any KEDA resource that uses TriggerAuthentication to configure HashiCorp Vault authentication. The vulnerability stems from an incorrect or insufficient path validation when loading the Service Account Token specified in spec.hashiCorpVault.credential.serviceAccount. An attacker with permissions to create or modify a TriggerAuthentication resource can exfiltrate the content of any file from the node's filesystem (where the KEDA pod resides) by directing the file's content to a server under their control, as part of the Vault authentication request. The potential impact includes the exfiltration of sensitive system information, such as secrets, keys, or the content of files like /etc/passwd. This issue has been patched in versions 2.17.3 and 2.18.3.
Risk Information
cvss4
Base: 8.2
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to versions 1.6.13, 1.7.14, 1.8.15, and 1.9.2, a Regular Expression Denial of Service (ReDoS) vulnerability exists in Fedify's document loader. The HTML parsing regex at packages/fedify/src/runtime/docloader.ts:259 contains nested quantifiers that cause catastrophic backtracking when processing maliciously crafted HTML responses. This issue has been patched in versions 1.6.13, 1.7.14, 1.8.15, and 1.9.2.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References
- https://github.com/fedify-dev/fedify/commit/2bdcb24d7d6d5886e0214ed504b63a6dc5488779
- https://github.com/fedify-dev/fedify/commit/bf2f0783634efed2663d1b187dc55461ee1f987a
- https://github.com/fedify-dev/fedify/releases/tag/1.6.13
- https://github.com/fedify-dev/fedify/releases/tag/1.7.14
- https://github.com/fedify-dev/fedify/releases/tag/1.8.15
- https://github.com/fedify-dev/fedify/releases/tag/1.9.2
- https://github.com/fedify-dev/fedify/security/advisories/GHSA-rchf-xwx2-hm93
Description
Authenticated Remote Code Execution (RCE) in PluXml CMS 5.8.22 allows an attacker with administrator panel access to inject a malicious PHP webshell into a theme file (e.g., home.php).
Risk Information
cvss3
Base: 6.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Description
An issue was discovered in Xiongmai XM530 IP cameras on firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06. The GetStreamUri exposes RTSP URIs containing hardcoded credentials enabling direct unauthorized video stream access.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=totalenergies' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
