Yves Rocher
Company Details
Linkedin ID:
yves-rocher
Employees number:
12,382
Number of followers:
270,343
NAICS:
43
Industry Type:
Homepage:
groupe-rocher.com
IP Addresses:
0
Company ID:
YVE_1931567
Scan Status:
In-progress
Yves Rocher Company CyberSecurity Posture
groupe-rocher.com
🌿 Welcome to Yves Rocher, Creator of Botanical Beauty. For 65 years, the Brand has combined botanical effectiveness and consideration of CSR issues. A pioneer in plant-based cosmetics, it is today the No.1* Beauty Brand in France, and shines in all four corners of the world. Its unique control of its value chain allows the Brand to offer a wide diversity of expertises, from plant to skin: Botanists, Harvesters, Manufacturers, Retailers, as well as all the support functions that accompany the business. Convinced of the strength of the collective, Yves Rocher relies on its 6,800 employees around the world and works every day for a more natural and more responsible beauty. Joining Yves Rocher gives sense to your job. #MakeTheChoicetoAct 🌎 Key data: More than 20 million consumers in 90 countries Around 2,300 stores worldwide, 3,500 resale points and 1,100 institutes 250 million products distributed per year 🌱 Commitments: A French and efficient cosmetic based on plants • More natural formulas limiting the use of controversial ingredients • New beauty gestures reducing plastic • Certified organic plants grown using Agroecological methods • A more sustainable sourcing of botanical ingredients • Support the activities of our farming partners • A more energy-and water-efficient cosmetics industry • A brand whose employees take care for nature • Support the actions of the Yves Rocher Foundation • Make our daily lives greener together *Kantar 2022, in volume and value.
Yves Rocher A.I CyberSecurity Scoring
Yves Rocher Risk Score (AI oriented)Between 750 and 799
Yves Rocher
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
Yves Rocher Global Score (TPRM)XXXX
Yves Rocher
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
Yves Rocher Company CyberSecurity News & History
Past Incidents
1
Attack Types
1
Arbonne
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: International multi-level marketing (MLM) firm Arbonne International exposed the personal information and credentials of thousands after its internal systems were breached by an unauthorized party. There was an unusual activity within a limited number of its internal systems. 3,527 California residents were impacted by the incident. The data compromised included names, email and mailing addresses, order purchase histories, phone numbers, and Arbonne account passwords.
Yves Rocher Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for Yves Rocher
Incidents vs Retail Industry Average (This Year)
No incidents recorded for Yves Rocher in 2026.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Yves Rocher in 2026.
Incident Types Yves Rocher vs Retail Industry Avg (This Year)
No incidents recorded for Yves Rocher in 2026.
Incident History — Yves Rocher (X = Date, Y = Severity)
Yves Rocher cyber incidents detection timeline including parent company and subsidiaries
Yves Rocher Company Subsidiaries
🌿 Welcome to Yves Rocher, Creator of Botanical Beauty. For 65 years, the Brand has combined botanical effectiveness and consideration of CSR issues. A pioneer in plant-based cosmetics, it is today the No.1* Beauty Brand in France, and shines in all four corners of the world. Its unique control of its value chain allows the Brand to offer a wide diversity of expertises, from plant to skin: Botanists, Harvesters, Manufacturers, Retailers, as well as all the support functions that accompany the business. Convinced of the strength of the collective, Yves Rocher relies on its 6,800 employees around the world and works every day for a more natural and more responsible beauty. Joining Yves Rocher gives sense to your job. #MakeTheChoicetoAct 🌎 Key data: More than 20 million consumers in 90 countries Around 2,300 stores worldwide, 3,500 resale points and 1,100 institutes 250 million products distributed per year 🌱 Commitments: A French and efficient cosmetic based on plants • More natural formulas limiting the use of controversial ingredients • New beauty gestures reducing plastic • Certified organic plants grown using Agroecological methods • A more sustainable sourcing of botanical ingredients • Support the activities of our farming partners • A more energy-and water-efficient cosmetics industry • A brand whose employees take care for nature • Support the actions of the Yves Rocher Foundation • Make our daily lives greener together *Kantar 2022, in volume and value.
Loading...
Yves Rocher Similar Companies
Costco Wholesale
Costco Wholesale is a multibillion dollar global retailer with warehouse club operations in 14 countries. We are the recognized leader in our field, dedicated to quality in every area of our business and respected for our outstanding business ethics. Despite our large size and rapid international ex
Sodimac
#SomosUnEquipo Te invitamos a conocer y a ser parte de nuestra Casa, un lugar donde la innovación, la sostenibilidad y la diversidad se viven día a día. Con más de 60 años de trayectoria y presencia en Chile, Perú, Colombia, Argentina, Brasil, Uruguay y México, nuestra compañía se enfoca en el mejor
PUMA Group
PUMA is one of the world’s leading sports brands, designing, developing, selling and marketing footwear, apparel and accessories. For more than 75 years, PUMA has relentlessly pushed sport and culture forward by creating fast products for the world’s fastest athletes. PUMA offers performance and spo
Old Navy
Forget what you know about old-school industry rules. When you work at Old Navy, you’re choosing a different path. From day one, we’ve been on a mission to democratize fashion and make shopping fun again. Our teams make style accessible to everyone, creating high-quality, must-have fashion essential
Skechers
Skechers is a Fortune 500® company — a growth-oriented brand that designs, develops, and markets a diverse product portfolio of lifestyle and performance footwear, apparel and accessories for men, women and children around the globe. Skechers is focused on designing products that deliver style, com
ARKO Corp. (NASDAQ: ARKO)
ARKO Corp. (Nasdaq: ARKO) is a Fortune 500 company that owns 100% of GPM Investments, LLC and is one of the largest operators of convenience stores and wholesalers of fuel in the United States. Based in Richmond, VA, we operate A Family of Community Brands that offer delicious, prepared foods, beer,
Bunnings
We are the leading retailer of home improvement and outdoor living products in Australia & New Zealand and a major supplier to project builders, commercial tradespeople and the housing industry. Our ambition is to provide our customers with the widest range of home improvement products in accordanc
CarMax
We're fueled by a common goal: creating an iconic car-buying experience. We make car-buying fair, accessible, and joyful for all. We are committed to making progress in how we positively impact our society, now and in the future. Above all, we care about people. We are committed to putting people fi
American Eagle Outfitters Inc.
American Eagle Outfitters (AEO) is a portfolio of unique, loved and enduring brands: American Eagle, Aerie, OFFL/NE by Aerie, Todd Snyder and Unsubscribed. We provide a welcoming and engaging customer and associate experience, and we embrace all. Merchandise assortments consist of high-quality, on-t
.png)
Yves Rocher CyberSecurity News
October 15, 2019 07:00 AM
Cybercrime Diary, Vol. 4, No. 3: Who’s Hacked? Latest Data Breaches And Cyberattacks
Zynga and MoviePass leak data, Equifax, British Airways and Marriott pay for past breaches.
September 05, 2019 07:00 AM
Cosmetics giant Yves Rocher compromised, 2.5 million Canadians' data potentially leaked
Cybersecurity researchers have discovered that the personal data of about 2.5 million Canadian customers of cosmetics brand Yves Rocher were...
September 03, 2019 07:00 AM
Data Leak Hits 2.5 Million Customers of Cosmetics Giant Yves Rocher
Researchers from vpnMentor were able to access a private Aliznet database containing data on 2.5 million Canadian Yves Rocher customers.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
Yves Rocher CyberSecurity History Information
Official Website of Yves Rocher
The official website of Yves Rocher is https://groupe-rocher.com/en/brands/yves-rocher.
Yves Rocher’s AI-Generated Cybersecurity Score
According to Rankiteo, Yves Rocher’s AI-generated cybersecurity score is 792, reflecting their Fair security posture.
How many security badges does Yves Rocher’ have ?
According to Rankiteo, Yves Rocher currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Has Yves Rocher been affected by any supply chain cyber incidents ?
According to Rankiteo, Yves Rocher has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.
Does Yves Rocher have SOC 2 Type 1 certification ?
According to Rankiteo, Yves Rocher is not certified under SOC 2 Type 1.
Does Yves Rocher have SOC 2 Type 2 certification ?
According to Rankiteo, Yves Rocher does not hold a SOC 2 Type 2 certification.
Does Yves Rocher comply with GDPR ?
According to Rankiteo, Yves Rocher is not listed as GDPR compliant.
Does Yves Rocher have PCI DSS certification ?
According to Rankiteo, Yves Rocher does not currently maintain PCI DSS compliance.
Does Yves Rocher comply with HIPAA ?
According to Rankiteo, Yves Rocher is not compliant with HIPAA regulations.
Does Yves Rocher have ISO 27001 certification ?
According to Rankiteo,Yves Rocher is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Yves Rocher
Yves Rocher operates primarily in the Retail industry.
Number of Employees at Yves Rocher
Yves Rocher employs approximately 12,382 people worldwide.
Subsidiaries Owned by Yves Rocher
Yves Rocher presently has no subsidiaries across any sectors.
Yves Rocher’s LinkedIn Followers
Yves Rocher’s official LinkedIn profile has approximately 270,343 followers.
NAICS Classification of Yves Rocher
Yves Rocher is classified under the NAICS code 43, which corresponds to Retail Trade.
Yves Rocher’s Presence on Crunchbase
No, Yves Rocher does not have a profile on Crunchbase.
Yves Rocher’s Presence on LinkedIn
Yes, Yves Rocher maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/yves-rocher.
Cybersecurity Incidents Involving Yves Rocher
As of January 24, 2026, Rankiteo reports that Yves Rocher has experienced 1 cybersecurity incidents.
Number of Peer and Competitor Companies
Yves Rocher has an estimated 15,595 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Yves Rocher ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
Incident Details
Can you provide details on each incident ?
Title: Arbonne International Data Breach
Description: International multi-level marketing (MLM) firm Arbonne International exposed the personal information and credentials of thousands after its internal systems were breached by an unauthorized party.
Type: Data Breach
Attack Vector: Internal System Breach
Threat Actor: Unauthorized Party
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach ARB1315301222
Data Compromised: Names, Email addresses, Mailing addresses, Order purchase histories, Phone numbers, Arbonne account passwords
Systems Affected: Internal Systems
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Names, Email Addresses, Mailing Addresses, Order Purchase Histories, Phone Numbers, Arbonne Account Passwords and .
Which entities were affected by each incident ?
Incident : Data Breach ARB1315301222
Entity Name: Arbonne International
Entity Type: Multi-Level Marketing Firm
Industry: MLM
Customers Affected: 3527
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach ARB1315301222
Type of Data Compromised: Names, Email addresses, Mailing addresses, Order purchase histories, Phone numbers, Arbonne account passwords
Number of Records Exposed: 3527
Personally Identifiable Information: Yes
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident was an Unauthorized Party.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Names, Email Addresses, Mailing Addresses, Order Purchase Histories, Phone Numbers, Arbonne Account Passwords and .
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Email Addresses, Names, Order Purchase Histories, Arbonne Account Passwords, Phone Numbers and Mailing Addresses.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 359.0.
.png)
Latest Global CVEs (Not Company-Specific)
Description
Typemill is a flat-file, Markdown-based CMS designed for informational documentation websites. A reflected Cross-Site Scripting (XSS) exists in the login error view template `login.twig` of versions 2.19.1 and below. The `username` value can be echoed back without proper contextual encoding when authentication fails. An attacker can execute script in the login page context. This issue has been fixed in version 2.19.2.
Risk Information
cvss3
Base: 5.4
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Description
A DOM-based Cross-Site Scripting (XSS) vulnerability exists in the DomainCheckerApp class within domain/script.js of Sourcecodester Domain Availability Checker v1.0. The vulnerability occurs because the application improperly handles user-supplied data in the createResultElement method by using the unsafe innerHTML property to render domain search results.
Description
A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Modern Image Gallery App v1.0 within the gallery/upload.php component. The application fails to properly validate uploaded file contents. Additionally, the application preserves the user-supplied file extension during the save process. This allows an unauthenticated attacker to upload arbitrary PHP code by spoofing the MIME type as an image, leading to full system compromise.
Description
A UNIX symbolic link following issue in the jailer component in Firecracker version v1.13.1 and earlier and 1.14.0 on Linux may allow a local host user with write access to the pre-created jailer directories to overwrite arbitrary host files via a symlink attack during the initialization copy at jailer startup, if the jailer is executed with root privileges. To mitigate this issue, users should upgrade to version v1.13.2 or 1.14.1 or above.
Risk Information
cvss3
Base: 6.0
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
cvss4
Base: 6.0
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description
An information disclosure vulnerability exists in the /srvs/membersrv/getCashiers endpoint of the Aptsys gemscms backend platform thru 2025-05-28. This unauthenticated endpoint returns a list of cashier accounts, including names, email addresses, usernames, and passwords hashed using MD5. As MD5 is a broken cryptographic function, the hashes can be easily reversed using public tools, exposing user credentials in plaintext. This allows remote attackers to perform unauthorized logins and potentially gain access to sensitive POS operations or backend functions.
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=yves-rocher' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
