ISO • SOC2 Type 1 • SOC2 Type 2 • PCI DSS • HIPAA • GDPR

Bring teams together, reimagine workspaces, engage new audiences, and delight your customers –– all on the Zoom AI-first work platform you know and love. 💙 Zoomies help people stay connected so they can get more done together. We set out on a mission to make video communications frictionless and secure by building the world’s best video product for the enterprise, but we didn’t stop there. With products like AI Companion, Team Chat, Contact Center, Phone, Events, Rooms, Webinar, Contact Center and more, we bring innovation to a wide variety of customers, from the conference room to the classroom, from doctor’s offices to financial institutions to government agencies, from global brands to small businesses. We do what we do because of our core value of Care: care for our community, our customers, our company, our teammates, and ourselves. Our global employees help our customers meet happier, communicate better, and create meaningful connections the world over. Zoomies are problem-solvers and self-starters, working hard to get results and moving quickly to design solutions with our customers and users in mind. Here, you'll find room to grow with opportunities to stretch your skills and advance your career in a collaborative, growth-focused environment. Learn more about careers at Zoom by visiting our careers site: https://careers.zoom.us/home

Zoom A.I CyberSecurity Scoring

Zoom

Company Details

LinkedIn ID: zoom
Website:
Employees number: 11,719
Number of followers: 631,702
NAICS: 5415
Industry Type: IT Services and IT Consulting
Homepage: www.zoom.com
IP Addresses: Scan still pending
Company ID: ZOO_2866788
Scan Status: In-progress

Zoom Risk Score (AI oriented)

Between 750 and 799

  • Powered by our proprietary A.I. cyber incident model
  • Insurers prefer the TPRM score when calculating premiums

Zoom
Current Score: 799, Baa (Fair)
2 incidents, 0 avg impact

Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.

DECEMBER 2025: 798
NOVEMBER 2025: 797
OCTOBER 2025: 797
SEPTEMBER 2025: 796
AUGUST 2025: 796
JULY 2025: 796
JUNE 2025: 797
Vulnerability
16 Jun 2025 • Zoom
Zoom Client Vulnerabilities Enable DoS Attacks

Recently, two vulnerabilities were discovered in specific Zoom Clients for Windows, which could enable attackers to launch Denial of Service (DoS) attacks. These flaws, tracked under CVE-2025-49464 and CVE-2025-46789, were reported by security researcher fre3dm4n and carry a Medium severity rating with a CVSS score of 6.5 each. The vulnerabilities stem from a classic buffer overflow issue in the affected Zoom products. This flaw could enable an authorized user with network access to exploit the system, causing a DoS condition that disrupts service availability. The CVSS vector string for both issues indicates a high impact on availability, though confidentiality and integrity remain unaffected. The potential for disruption is significant for organizations relying on Zoom for communication. The vulnerabilities impact multiple Zoom products for Windows, with slight variations in affected versions between the two CVEs.

797
low -0
ZOO619070925
Vulnerability Exploitation
Buffer Overflow
CVE-2025-49464, CVE-2025-46789
Disruption of Service
Zoom Workplace for Windows; Zoom Workplace VDI for Windows; Zoom Rooms for Windows; Zoom Rooms Controller for Windows; Zoom Meeting SDK for Windows
Operational Impact: Disruption of Communication Services
Remediation Measures: Apply the latest patches
Ensuring that software is up to date is critical in safeguarding against potential exploits.
Stay vigilant about software updates to protect against buffer overflow issues.
Root Causes: Buffer overflow in Zoom products
Corrective Actions: Apply patches to affected Zoom products
MAY 2025: 796
APRIL 2025: 796
MARCH 2025: 796
FEBRUARY 2025: 796
JANUARY 2025: 796
JUNE 1967: 797
Breach
16 Jun 1967 • Zoom
Non-Breach Privacy Exposures and Lawsuits in Cyber Insurance

In 2021, Zoom faced an $85 million class-action lawsuit settlement due to allegations of wrongful data sharing with third parties and inadequate measures to prevent unauthorized meeting disruptions ('Zoombombing'). The lawsuit did not involve a traditional cyber breach, hacking, or data exfiltration but centered on violations of privacy laws, including improper handling of user data and failure to disclose tracking practices transparently. Plaintiffs argued that Zoom collected, shared, and mishandled personal information without proper consent, violating statutes like the California Invasion of Privacy Act (1967) and federal wiretapping laws. The case highlighted non-breach privacy risks, where companies face legal and financial repercussions for non-compliance with data protection regulations rather than direct cyberattacks. The settlement underscored the growing threat of privacy litigation tied to website tracking, data collection, and regulatory non-adherence, even without a security incident.

714
medium -83
ZOO35103935112525
Privacy Violation; Regulatory Non-Compliance; Class-Action Lawsuit
Financial Gain (Litigation); Regulatory Enforcement; Consumer Protection
Financial Loss: $85M (Zoom settlement, 2021); Legal Defense Costs; Reputation Damage; Compliance Overhead; Class-Action Lawsuits; Privacy Violations; Brand Reputation Impact: High (due to publicized lawsuits and regulatory scrutiny); Class-Action Settlements; Regulatory Fines (Potential); Statutory Damages
Cyber Insurers (e.g., Resilience, Axa XL, Travelers); Legal Counsel; Privacy Consultants; Removal of unnecessary tracking tools (e.g., pixels); Annual privacy policy updates; Opt-in consent banners on websites; AI-driven privacy policy audits; Legal Defense Strategies; Compliance Program Enhancements; Public Settlements (e.g., Zoom); Regulatory Disclosures; Website tracking technology scans (e.g., by Travelers)
California Invasion of Privacy Act (1967); Federal Video Privacy Protection Act (VPPA, 1988); Illinois Biometric Information Privacy Act (BIPA, 2008); State Wiretapping Statutes; California AB 656 (2023, Social Media Data Deletion); GDPR-like State Laws (e.g., CCPA); $85M (Zoom settlement); Potential fines under BIPA/VPPA; Class-Action Lawsuits; Regulatory Investigations; California AB 656 Compliance; GDPR/EU-Aligned State Laws
Non-breach privacy risks (e.g., wrongful data collection/sharing) are as critical as traditional breaches. Proactive website audits (e.g., tracking tools, pixels) reduce litigation risks. Clear privacy policies and opt-in consent mechanisms are essential for compliance. Cyber insurance coverage for non-breach privacy claims varies widely; policy reviews are critical. Regulatory proliferation (e.g., state-level GDPR-like laws) increases plaintiff opportunities.
Conduct annual reviews of website tracking technologies (e.g., pixels, cookies). Implement opt-in consent banners for data collection. Update privacy policies to align with evolving regulations (e.g., CCPA, BIPA). Work with insurers/underwriters to assess non-breach privacy exposures. Use AI tools to audit privacy policies for required disclosures. Remove unnecessary data collection tools lacking clear business justification. Monitor regulatory changes (e.g., California AB 656) and adjust compliance programs.
Ongoing (Industry-Wide Trend)
Companies should disclose data collection practices transparently. Users may request data deletion under laws like California AB 656.
Cyber insurers recommend proactive privacy risk assessments. Legal counsel advises on compliance with state/federal privacy laws. Underwriters focus on website data collection/sharing practices.
Lack of transparency in data collection/sharing (e.g., Zoom). Overuse of tracking technologies (e.g., pixels) without consent. Non-compliance with evolving privacy regulations (e.g., BIPA, VPPA). Inadequate privacy policy disclosures. Enhanced privacy policy disclosures. Removal of non-essential tracking tools. Opt-in consent mechanisms for data collection. Regular compliance audits (e.g., annual privacy policy reviews). Collaboration with insurers for risk mitigation.

Frequently Asked Questions

According to Rankiteo, the current A.I.-based Cyber Score for Zoom is 799, which corresponds to a Fair rating.

According to Rankiteo, the A.I. Rankiteo Cyber Score for November 2025 was 797.

According to Rankiteo, the A.I. Rankiteo Cyber Score for October 2025 was 797.

According to Rankiteo, the A.I. Rankiteo Cyber Score for September 2025 was 796.

According to Rankiteo, the A.I. Rankiteo Cyber Score for August 2025 was 796.

According to Rankiteo, the A.I. Rankiteo Cyber Score for July 2025 was 796.

According to Rankiteo, the A.I. Rankiteo Cyber Score for June 2025 was 797.

According to Rankiteo, the A.I. Rankiteo Cyber Score for May 2025 was 796.

According to Rankiteo, the A.I. Rankiteo Cyber Score for April 2025 was 796.

According to Rankiteo, the A.I. Rankiteo Cyber Score for March 2025 was 796.

According to Rankiteo, the A.I. Rankiteo Cyber Score for February 2025 was 796.

According to Rankiteo, the A.I. Rankiteo Cyber Score for January 2025 was 796.

Over the past 12 months, the average per-incident point impact on Zoom’s A.I. Rankiteo Cyber Score has been 0 points.

You can access Zoom’s cyber incident details on Rankiteo by visiting the following link: https://www.rankiteo.com/company/zoom.

You can find the summary of the A.I. Rankiteo Risk Scoring methodology on Rankiteo by visiting the following link: Rankiteo Algorithm.

You can view Zoom’s profile page on Rankiteo by visiting the following link: https://www.rankiteo.com/company/zoom.

With scores of 18.5/20 from OpenAI ChatGPT, 20/20 from Mistral AI, and 17/20 from Claude AI, the A.I. Rankiteo Risk Scoring methodology is validated as a market leader.