Comparison Overview

URBN (Urban Outfitters, Anthropologie Group, Free People & Nuuly)

VS

Tapestry

URBN (Urban Outfitters, Anthropologie Group, Free People & Nuuly)

5000 South Broad Street, Philadelphia, 19112, US
Last Update: 2026-01-18
View Profile
Between 750 and 799
http://urbn.com

URBN Urban Outfitters, Inc. (www.urbn.com) is a portfolio of global consumer brands comprised of Anthropologie, Anthropologie Weddings, Free People, FP Movement, Terrain, Urban Outfitters, Nuuly, Reclectic, and Menus & Venues. At URBN, we Lead with Creativity…. Creativity guides our approach to product, environment, experience, and community. It drives our vision, strategy, and decision-making. It touches every job at URBN. Over the last 50 years, we have inspired our customers through our creative and entrepreneurial approach to products and services.

NAICS: 448
NAICS Definition: Clothing and Clothing Accessories Stores
Employees: 26,695
Subsidiaries: 9
12-month incidents
0
Known data breaches
0
Attack type number
0
View Profile

Tapestry

10 Hudson Yards, New York, New York, US, 10001
Last Update: 2026-01-19
Between 800 and 849
http://www.tapestry.com/

Our global house of brands unites the magic of Coach and Kate Spade New York. By intertwining different people and ideas, we push ourselves in our work and expand the bounds of possibility. Learn about our iconic brands: tapestry.com/our-brands We’ve grown by finding people dedicated to the dream all over the world. We hold ourselves to high standards in every material and process, and we embrace difference by design because diverse perspectives are at the heart of creativity. We find brilliance in the intersections—of beauty and function, of heritage and innovation, of accessibility and aspiration—which is how we bring together magic and logic in our craft. Find out about our people and employer priorities: tapestry.com/responsibility/our-people The result is that we stand taller together, elevating the best in our people and brands. We use our collective strengths to move our customers and empower our communities, to make the fashion industry sustainable, and to build a house that’s equitable, inclusive, and diverse. Individually, our brands are iconic. Together, we can stretch what’s possible. See our values and commitments to support our people, communities and planet: tapestry.com/responsibility __ Please Be Advised - Recruitment Scams: Tapestry and its brands will only reach out to interview, make an offer of employment or conduct onboarding activities for candidates who have applied through our careers site. If you find a job posting on a third-party job site, such as LinkedIn, please know that a legitimate posting will direct you to our careers site to apply. When interviewing for a position, the candidate experience will include live interaction, such as a video conference or phone call, with a Recruiter and/or company employee(s). Be aware of suspicious recruitment activity. If you think you are a victim of an employment scam, please visit the Federal Trade Commission website: https://www.consumer.ftc.gov/articles/0243-job-scams

NAICS: 448
NAICS Definition: Clothing and Clothing Accessories Stores
Employees: 19,167
Subsidiaries: 3
12-month incidents
0
Known data breaches
0
Attack type number
0

Compliance Badges Comparison

Security & Compliance Standards Overview

https://images.rankiteo.com/companyimages/urban-outfitters-inc.jpeg
URBN (Urban Outfitters, Anthropologie Group, Free People & Nuuly)
ISO 27001
ISO 27001 certification not verified
Not verified
SOC2 Type 1
SOC2 Type 1 certification not verified
Not verified
SOC2 Type 2
SOC2 Type 2 certification not verified
Not verified
GDPR
GDPR certification not verified
Not verified
PCI DSS
PCI DSS certification not verified
Not verified
HIPAA
HIPAA certification not verified
Not verified
https://images.rankiteo.com/companyimages/tapestryinc.jpeg
Tapestry
ISO 27001
ISO 27001 certification not verified
Not verified
SOC2 Type 1
SOC2 Type 1 certification not verified
Not verified
SOC2 Type 2
SOC2 Type 2 certification not verified
Not verified
GDPR
GDPR certification not verified
Not verified
PCI DSS
PCI DSS certification not verified
Not verified
HIPAA
HIPAA certification not verified
Not verified
Compliance Summary
URBN (Urban Outfitters, Anthropologie Group, Free People & Nuuly)
100%
Compliance Rate
0/4 Standards Verified
Tapestry
0%
Compliance Rate
0/4 Standards Verified

Benchmark & Cyber Underwriting Signals

Incidents vs Retail Apparel and Fashion Industry Average (This Year)

No incidents recorded for URBN (Urban Outfitters, Anthropologie Group, Free People & Nuuly) in 2026.

Incidents vs Retail Apparel and Fashion Industry Average (This Year)

No incidents recorded for Tapestry in 2026.

Incident History — URBN (Urban Outfitters, Anthropologie Group, Free People & Nuuly) (X = Date, Y = Severity)

URBN (Urban Outfitters, Anthropologie Group, Free People & Nuuly) cyber incidents detection timeline including parent company and subsidiaries

Incident History — Tapestry (X = Date, Y = Severity)

Tapestry cyber incidents detection timeline including parent company and subsidiaries

Notable Incidents

Last 3 Security & Risk Events by Company

https://images.rankiteo.com/companyimages/urban-outfitters-inc.jpeg
URBN (Urban Outfitters, Anthropologie Group, Free People & Nuuly)
Incidents

No Incident

https://images.rankiteo.com/companyimages/tapestryinc.jpeg
Tapestry
Incidents

No Incident

FAQ

Tapestry company demonstrates a stronger AI Cybersecurity Score compared to URBN (Urban Outfitters, Anthropologie Group, Free People & Nuuly) company, reflecting its advanced cybersecurity posture governance and monitoring frameworks.

Historically, Tapestry company has disclosed a higher number of cyber incidents compared to URBN (Urban Outfitters, Anthropologie Group, Free People & Nuuly) company.

In the current year, Tapestry company and URBN (Urban Outfitters, Anthropologie Group, Free People & Nuuly) company have not reported any cyber incidents.

Neither Tapestry company nor URBN (Urban Outfitters, Anthropologie Group, Free People & Nuuly) company has reported experiencing a ransomware attack publicly.

Neither Tapestry company nor URBN (Urban Outfitters, Anthropologie Group, Free People & Nuuly) company has reported experiencing a data breach publicly.

Neither Tapestry company nor URBN (Urban Outfitters, Anthropologie Group, Free People & Nuuly) company has reported experiencing targeted cyberattacks publicly.

Neither URBN (Urban Outfitters, Anthropologie Group, Free People & Nuuly) company nor Tapestry company has reported experiencing or disclosing vulnerabilities publicly.

Neither URBN (Urban Outfitters, Anthropologie Group, Free People & Nuuly) nor Tapestry holds any compliance certifications.

Neither company holds any compliance certifications.

URBN (Urban Outfitters, Anthropologie Group, Free People & Nuuly) company has more subsidiaries worldwide compared to Tapestry company.

URBN (Urban Outfitters, Anthropologie Group, Free People & Nuuly) company employs more people globally than Tapestry company, reflecting its scale as a Retail Apparel and Fashion.

Neither URBN (Urban Outfitters, Anthropologie Group, Free People & Nuuly) nor Tapestry holds SOC 2 Type 1 certification.

Neither URBN (Urban Outfitters, Anthropologie Group, Free People & Nuuly) nor Tapestry holds SOC 2 Type 2 certification.

Neither URBN (Urban Outfitters, Anthropologie Group, Free People & Nuuly) nor Tapestry holds ISO 27001 certification.

Neither URBN (Urban Outfitters, Anthropologie Group, Free People & Nuuly) nor Tapestry holds PCI DSS certification.

Neither URBN (Urban Outfitters, Anthropologie Group, Free People & Nuuly) nor Tapestry holds HIPAA certification.

Neither URBN (Urban Outfitters, Anthropologie Group, Free People & Nuuly) nor Tapestry holds GDPR certification.

Latest Global CVEs (Not Company-Specific)

Description

The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the processBackgroundAction() function in all versions up to, and including, 10.0.04. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify global map engine settings.

Published
Date
2026-01-24
Updated
Date
2026-01-24
Risk Information
cvss3
Base: 5.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
References
Description

The Save as PDF Plugin by PDFCrowd plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘options’ parameter in all versions up to, and including, 4.5.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. NOTE: Successful exploitation of this vulnerability requires that the PDFCrowd API key is blank (also known as "demo mode", which is the default configuration when the plugin is installed) or known.

Published
Date
2026-01-24
Updated
Date
2026-01-24
Risk Information
cvss3
Base: 6.1
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
References
Description

The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the action_import_module() function in all versions up to, and including, 7.8.9.2. This makes it possible for authenticated attackers, with a lower-privileged role (e.g., Subscriber-level access and above), to upload arbitrary files on the affected site's server which may make remote code execution possible. Successful exploitation requires an admin to grant Hustle module permissions (or module edit access) to the low-privileged user so they can access the Hustle admin page and obtain the required nonce.

Published
Date
2026-01-24
Updated
Date
2026-01-24
Risk Information
cvss3
Base: 7.5
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
References
Description

The WP Directory Kit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.9 via the wdk_public_action AJAX handler. This makes it possible for unauthenticated attackers to extract email addresses for users with Directory Kit-specific user roles.

Published
Date
2026-01-24
Updated
Date
2026-01-24
Risk Information
cvss3
Base: 5.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
References
Description

The Meta-box GalleryMeta plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

Published
Date
2026-01-24
Updated
Date
2026-01-24
Risk Information
cvss3
Base: 4.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
References