UKG
Company Details
Linkedin ID:
ukg
Website:
Employees number:
15,791
Number of followers:
298,648
NAICS:
5112
Industry Type:
Homepage:
ukg.com
IP Addresses:
0
Company ID:
UKG_2936607
Scan Status:
In-progress
UKG Company CyberSecurity Posture
ukg.com
UKG is the Workforce Operating Platform that puts workforce understanding to work. With the world's largest collection of workforce insights, and people-first AI, our ability to reveal unseen ways to build trust, amplify productivity, and empower talent, is unmatched. It's this expertise that equips our customers with the intelligence to solve any challenge in any industry — because great organizations know their workforce is their competitive edge.
UKG A.I CyberSecurity Scoring
UKG Risk Score (AI oriented)Between 700 and 749
UKG
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
UKG Global Score (TPRM)XXXX
UKG
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
UKG Company CyberSecurity News & History
Past Incidents
2
Attack Types
2
UKG Inc.
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: The Maine Office of the Attorney General reported that UKG Inc. experienced an inadvertent disclosure of personal information on October 30, 2023, affecting 45,966 individuals, with one resident reported specifically. The breach involved exposed information such as Social Security numbers, and identity theft protection services were offered.
UKG Inc.
Ransomware
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: On February 3, 2022, the California Attorney General reported a ransomware attack affecting UKG Inc., which compromised personal information of individuals associated with PUMA North America, Inc. The breach occurred on December 11, 2021, but specific details regarding the number of individuals affected and the types of personal information involved remain unknown.
UKG Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for UKG
Incidents vs Software Development Industry Average (This Year)
No incidents recorded for UKG in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for UKG in 2025.
Incident Types UKG vs Software Development Industry Avg (This Year)
No incidents recorded for UKG in 2025.
Incident History — UKG (X = Date, Y = Severity)
UKG cyber incidents detection timeline including parent company and subsidiaries
UKG Company Subsidiaries
UKG is the Workforce Operating Platform that puts workforce understanding to work. With the world's largest collection of workforce insights, and people-first AI, our ability to reveal unseen ways to build trust, amplify productivity, and empower talent, is unmatched. It's this expertise that equips our customers with the intelligence to solve any challenge in any industry — because great organizations know their workforce is their competitive edge.
Loading...
UKG Similar Companies
Epic
Join us in our mission to help the world get well, help the world stay well, and help future generations be healthier. We hire smart and motivated people from all academic majors to code, test, and implement healthcare software that hundreds of millions of patients and doctors rely on to improve ca
Dassault Systèmes
Dassault Systèmes is a catalyst for human progress. Since 1981, the company has pioneered virtual worlds to improve real life for consumers, patients and citizens. With Dassault Systèmes’ 3DEXPERIENCE platform, 370,000 customers of all sizes, in all industries, can collaborate, imagine and create
Amazon is guided by four principles: customer obsession rather than competitor focus, passion for invention, commitment to operational excellence, and long-term thinking. We are driven by the excitement of building technologies, inventing products, and providing services that change lives. We embrac
Meta
Meta's mission is to build the future of human connection and the technology that makes it possible. Our technologies help people connect, find communities, and grow businesses. When Facebook launched in 2004, it changed the way people connect. Apps like Messenger, Instagram and WhatsApp further e
The Bosch Group is a leading global supplier of technology and services. It employs roughly 417,900 associates worldwide (as of December 31, 2024). According to preliminary figures, the company generated sales of 90.5 billion euros in 2024. Its operations are divided into four business sectors: Mobi
Autodesk is changing how the world is designed and made. Our technology spans architecture, engineering, construction, product design, manufacturing, and media and entertainment. We empower innovators everywhere to solve challenges, big and small. From greener buildings to smarter products and mo
The Facebook company is now Meta. Meta builds technologies that help people connect, find communities, and grow businesses. When Facebook launched in 2004, it changed the way people connect. Apps like Messenger, Instagram and WhatsApp further empowered billions around the world. Now, Meta is moving
Databricks is the Data and AI company. More than 10,000 organizations worldwide — including Block, Comcast, Condé Nast, Rivian, Shell and over 60% of the Fortune 500 — rely on the Databricks Data Intelligence Platform to take control of their data and put it to work with AI. Databricks is headquarte
IDEMIA Group unlocks simpler and safer ways to pay, connect, access, identify, travel and protect public places. With its long-standing expertise in biometrics and cryptography, IDEMIA develops technologies of excellence with an impactful, ethical, and socially responsible approach. Every day, IDEMI
.png)
UKG CyberSecurity News
November 18, 2025 12:46 PM
1 million strong: How CompTIA Security+ shapes cybersecurity skills around the world
Certification validates the skills required for core security functions and careers in cybersecurity. DOWNERS GROVE, Ill., Nov.
November 14, 2025 08:00 AM
A comprehensive list of 2025 tech layoffs
A complete list of all the known layoffs in tech, from Big Tech to startups, broken down by month throughout 2024 and 2025.
October 10, 2025 07:00 AM
Cybersecurity experts gather in Kilkenny for CINC 2025
Cybersecurity experts from Ireland and abroad gathered in Kilkenny to discuss AI security, quantum readiness and the growth of the industry.
May 08, 2025 07:00 AM
The UKG One View Solution Delivers Access to Real-time Data, AI Validation, and Instant Payroll Reporting to Customers
Global cybersecurity company delivered timely and accurate pay slips with UKG One View as deployments rolled out...
April 08, 2025 07:00 AM
A New Chief Information Officer Joins UKG
Prakash Kota has been appointed Chief Information Officer at UKG, a global leader in HR, payroll, and workforce management solutions.
April 07, 2025 07:00 AM
Tamil Nadu school served show-cause notice for forcing parents to sign stamp paper promising child's with
News News: The Tamil Nadu School Education Department has issued a show-cause notice to a private matriculation school in Coimbatore for...
February 28, 2025 08:00 AM
Employment screening provider data breach affects 3.3M people
A data breach at DISA Global Solutions, Inc., a third-party employment screening services provider, affected more than 3.3 million people, the company said.
January 03, 2025 08:00 AM
South Florida’s UKG grows in Ireland, plans to employ 200 there
Software maker UKG, with headquarters in Weston, is growing in Ireland too, adding 200 employees there at a new operations hub focused on cybersecurity.
September 12, 2024 07:00 AM
UKG Launches Global Operations Hub in Ireland
With a focus on cybersecurity talent, UKG to more than double Irish workforce. KILKENNY, Ireland–(BUSINESS WIRE)–UKG, a leading provider of...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
UKG CyberSecurity History Information
Official Website of UKG
The official website of UKG is ukg.com.
UKG’s AI-Generated Cybersecurity Score
According to Rankiteo, UKG’s AI-generated cybersecurity score is 706, reflecting their Moderate security posture.
How many security badges does UKG’ have ?
According to Rankiteo, UKG currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does UKG have SOC 2 Type 1 certification ?
According to Rankiteo, UKG is not certified under SOC 2 Type 1.
Does UKG have SOC 2 Type 2 certification ?
According to Rankiteo, UKG does not hold a SOC 2 Type 2 certification.
Does UKG comply with GDPR ?
According to Rankiteo, UKG is not listed as GDPR compliant.
Does UKG have PCI DSS certification ?
According to Rankiteo, UKG does not currently maintain PCI DSS compliance.
Does UKG comply with HIPAA ?
According to Rankiteo, UKG is not compliant with HIPAA regulations.
Does UKG have ISO 27001 certification ?
According to Rankiteo,UKG is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of UKG
UKG operates primarily in the Software Development industry.
Number of Employees at UKG
UKG employs approximately 15,791 people worldwide.
Subsidiaries Owned by UKG
UKG presently has no subsidiaries across any sectors.
UKG’s LinkedIn Followers
UKG’s official LinkedIn profile has approximately 298,648 followers.
NAICS Classification of UKG
UKG is classified under the NAICS code 5112, which corresponds to Software Publishers.
UKG’s Presence on Crunchbase
No, UKG does not have a profile on Crunchbase.
UKG’s Presence on LinkedIn
Yes, UKG maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/ukg.
Cybersecurity Incidents Involving UKG
As of November 27, 2025, Rankiteo reports that UKG has experienced 2 cybersecurity incidents.
Number of Peer and Competitor Companies
UKG has an estimated 26,597 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at UKG ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach and Ransomware.
Incident Details
Can you provide details on each incident ?
Title: UKG Inc. Data Breach
Description: The Maine Office of the Attorney General reported that UKG Inc. experienced an inadvertent disclosure of personal information on October 30, 2023, affecting 45,966 individuals, with one resident reported specifically. The breach involved exposed information such as Social Security numbers, and identity theft protection services were offered.
Date Detected: 2023-10-30
Type: Data Breach
Title: Ransomware Attack on UKG Inc. Affecting PUMA North America, Inc.
Description: A ransomware attack on UKG Inc. compromised personal information of individuals associated with PUMA North America, Inc.
Date Detected: 2021-12-11
Date Publicly Disclosed: 2022-02-03
Type: Ransomware
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach UKG921072725
Data Compromised: Social security numbers
Identity Theft Risk: High
Incident : Ransomware UKG550080525
Data Compromised: Personal information
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Social Security Numbers, , Personal Information and .
Which entities were affected by each incident ?
Incident : Data Breach UKG921072725
Entity Name: UKG Inc.
Entity Type: Company
Customers Affected: 45966
Incident : Ransomware UKG550080525
Entity Name: PUMA North America, Inc.
Entity Type: Company
Industry: Retail
Location: North America
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach UKG921072725
Type of Data Compromised: Social security numbers
Number of Records Exposed: 45966
Sensitivity of Data: High
Personally Identifiable Information: Yes
Incident : Ransomware UKG550080525
Type of Data Compromised: Personal information
References
Where can I find more information about each incident ?
Incident : Data Breach UKG921072725
Source: Maine Office of the Attorney General
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Maine Office of the Attorney General, and Source: California Attorney GeneralDate Accessed: 2022-02-03.
Additional Questions
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2023-10-30.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2022-02-03.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Social Security numbers, , Personal Information and .
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Social Security numbers and Personal Information.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 525.0.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are California Attorney General and Maine Office of the Attorney General.
.png)
Latest Global CVEs (Not Company-Specific)
Description
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.
Risk Information
cvss4
Base: 7.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
- https://github.com/angular/angular/commit/0276479e7d0e280e0f8d26fa567d3b7aa97a516f
- https://github.com/angular/angular/commit/05fe6686a97fa0bcd3cf157805b3612033f975bc
- https://github.com/angular/angular/commit/3240d856d942727372a705252f7c8c115394a41e
- https://github.com/angular/angular/releases/tag/19.2.16
- https://github.com/angular/angular/releases/tag/20.3.14
- https://github.com/angular/angular/releases/tag/21.0.1
- https://github.com/angular/angular/security/advisories/GHSA-58c5-g7wp-6w37
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 6.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=ukg' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
