FEMSA
Company Details
Linkedin ID:
femsa
Website:
Employees number:
11,953
Number of followers:
1,679,763
NAICS:
30
Industry Type:
Homepage:
femsa.com
IP Addresses:
0
Company ID:
FEM_1107387
Scan Status:
In-progress
FEMSA Company CyberSecurity Posture
femsa.com
FEMSA is a company that creates economic and social value through companies and institutions and strives to be the best employer and neighbor to the communities in which it operates. It participates in the retail industry through a Proximity Division operating OXXO, a small-format store chain, OXXO Gas, a chain of retail service stations, and Valora, an operator of convenience and foodvenience formats present in 5 countries in Europe. In the retail industry it also participates though a Health Division, which includes drugstores and related activities and Digital@FEMSA, which includes Spin by OXXO and OXXO Premia, among other loyalty and digital financial services initiatives. In the beverage industry, it participates through Coca-Cola FEMSA, the largest franchise bottler of Coca-Cola products in the world by volume. FEMSA also participates in the logistics and distribution industry through its Strategic Business Unit, which additionally provides point-of-sale refrigeration and plastic solutions to its business units and third-party clients. Across its business units, FEMSA has more than 350,000 employees in 18 countries. FEMSA is a member of the Dow Jones Sustainability MILA Pacific Alliance, the FTSE4Good Emerging Index and the Mexican Stock Exchange Sustainability Index: S&P/BMV Total México ESG, among other indexes that evaluate its sustainability performance.
FEMSA A.I CyberSecurity Scoring
FEMSA Risk Score (AI oriented)Between 800 and 849
FEMSA
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
FEMSA Global Score (TPRM)XXXX
FEMSA
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
FEMSA Company CyberSecurity News & History
Past Incidents
0
Attack Types
0
No data available
FEMSA Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for FEMSA
Incidents vs Manufacturing Industry Average (This Year)
No incidents recorded for FEMSA in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for FEMSA in 2025.
Incident Types FEMSA vs Manufacturing Industry Avg (This Year)
No incidents recorded for FEMSA in 2025.
Incident History — FEMSA (X = Date, Y = Severity)
FEMSA cyber incidents detection timeline including parent company and subsidiaries
FEMSA Company Subsidiaries
FEMSA is a company that creates economic and social value through companies and institutions and strives to be the best employer and neighbor to the communities in which it operates. It participates in the retail industry through a Proximity Division operating OXXO, a small-format store chain, OXXO Gas, a chain of retail service stations, and Valora, an operator of convenience and foodvenience formats present in 5 countries in Europe. In the retail industry it also participates though a Health Division, which includes drugstores and related activities and Digital@FEMSA, which includes Spin by OXXO and OXXO Premia, among other loyalty and digital financial services initiatives. In the beverage industry, it participates through Coca-Cola FEMSA, the largest franchise bottler of Coca-Cola products in the world by volume. FEMSA also participates in the logistics and distribution industry through its Strategic Business Unit, which additionally provides point-of-sale refrigeration and plastic solutions to its business units and third-party clients. Across its business units, FEMSA has more than 350,000 employees in 18 countries. FEMSA is a member of the Dow Jones Sustainability MILA Pacific Alliance, the FTSE4Good Emerging Index and the Mexican Stock Exchange Sustainability Index: S&P/BMV Total México ESG, among other indexes that evaluate its sustainability performance.
Loading...
FEMSA Similar Companies
Ternium
Ternium (NYSE:TX) is the largest steel producer in Latin America. With production centers in Argentina, Brazil, Colombia, the United States, Guatemala, and Mexico, Ternium has an extensive network of service and distribution centers in the continent, in addition to participating in the control group
Celestica enables the world's best brands. Through our unrivaled customer-centric approach, we partner with leading companies in aerospace and defense, communications, enterprise, healthtech, industrial, capital equipment, and smart energy to deliver solutions for their most complex challenges. A le
Godrej & Boyce Mfg. Co. Ltd.
Godrej is one of India’s most trusted brands serving over 1.1bn customers worldwide, every day. Godrej & Boyce, a Godrej group company, began it's journey in 1897 with the manufacture of high quality locks and continues with its outstanding engineering capabilities across diverse categories – from
For the builders and protectors, for the makers and explorers, for those shaping and reshaping our world through hard work and inspiration, Stanley Black & Decker provides the tools and innovative solutions you can trust to get the job done—and we have since 1843. You repair your home and car with
Kimberly-Clark
As a Kimberly-Clark employee, you have an opportunity to impact billions of lives through the products we make, the workplaces we create and the communities we serve. The proof is in our purpose – Here, we are creating Better Care for a Better World and it starts with YOU! Learn more about us and se
Henkel
Henkel operates worldwide with leading innovations, brands and technologies in two business areas: Adhesive Technologies and Consumer Brands. Founded in 1876, Henkel looks back on more than 145 years of success. The company holds leading positions with its two business units in both industrial and
Godrej Enterprises Group
Since 1897, Godrej Enterprises Group (which includes Godrej & Boyce and its affiliates) has contributed significantly to India’s economic growth and self-reliance by providing complex engineering, design led innovation, and sustainable manufacturing solutions. From the world’s first patented springl
Tupy is a Brazilian company specialized in developing and manufacturing highly-engineered structural cast iron components applied to complex metallurgical and geometrical components extensively used in capital goods that serve freight transport, construction industry, agriculture and many others in
RPG Group
RPG Group, established in 1979 and headquartered in Mumbai, is one of India's fastest growing diversified business group with a turnover in excess of US$5.2 billion. The Group has a presence in the core sectors of the economy - Infrastructure (KEC International), Mobility (CEAT), Information Technol
.png)
FEMSA CyberSecurity News
September 08, 2025 07:00 AM
ANDICOM 2025 Draws 6,000 Attendees to Cartagena for Latin American Business and Technology Conference
ANDICOM 2025, the Andes region's largest and most important enterprise technology conference, took place last week in Cartagena,...
February 28, 2025 08:00 AM
FEMSA Eyes Banking License as Spin by OXXO Grows Rapidly
FEMSA plans to seek a banking license, expanding Spin by OXXO's services, which reached 13.1 million users in 2024.
September 11, 2023 07:00 AM
Hackers Claim Coca-Cola Bottler Paid $1.5 Million to Keep Lid on ‘Certain’ Files Stolen in Ransomware Attack
Coca-Cola FEMSA, the world's largest franchise Coca-Cola bottler, allegedly suffered a cyberattack, prompting management to pay the hackers...
June 13, 2023 07:00 AM
Coca-Cola FEMSA “company data” published by hackers
Coca-Cola FEMSA has experienced a cybersecurity incident in which perpetrators extracted “certain company data” and published it.
December 06, 2021 08:00 AM
Tec de Monterrey inaugurates Cybersecurity Hub facilities
It is part of the School of Engineering and Sciences, it is located on 278 square meters and has ultimate equipment.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
FEMSA CyberSecurity History Information
Official Website of FEMSA
The official website of FEMSA is http://www.femsa.com.
FEMSA’s AI-Generated Cybersecurity Score
According to Rankiteo, FEMSA’s AI-generated cybersecurity score is 814, reflecting their Good security posture.
How many security badges does FEMSA’ have ?
According to Rankiteo, FEMSA currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does FEMSA have SOC 2 Type 1 certification ?
According to Rankiteo, FEMSA is not certified under SOC 2 Type 1.
Does FEMSA have SOC 2 Type 2 certification ?
According to Rankiteo, FEMSA does not hold a SOC 2 Type 2 certification.
Does FEMSA comply with GDPR ?
According to Rankiteo, FEMSA is not listed as GDPR compliant.
Does FEMSA have PCI DSS certification ?
According to Rankiteo, FEMSA does not currently maintain PCI DSS compliance.
Does FEMSA comply with HIPAA ?
According to Rankiteo, FEMSA is not compliant with HIPAA regulations.
Does FEMSA have ISO 27001 certification ?
According to Rankiteo,FEMSA is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of FEMSA
FEMSA operates primarily in the Manufacturing industry.
Number of Employees at FEMSA
FEMSA employs approximately 11,953 people worldwide.
Subsidiaries Owned by FEMSA
FEMSA presently has no subsidiaries across any sectors.
FEMSA’s LinkedIn Followers
FEMSA’s official LinkedIn profile has approximately 1,679,763 followers.
NAICS Classification of FEMSA
FEMSA is classified under the NAICS code 30, which corresponds to Manufacturing.
FEMSA’s Presence on Crunchbase
No, FEMSA does not have a profile on Crunchbase.
FEMSA’s Presence on LinkedIn
Yes, FEMSA maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/femsa.
Cybersecurity Incidents Involving FEMSA
As of December 11, 2025, Rankiteo reports that FEMSA has not experienced any cybersecurity incidents.
Number of Peer and Competitor Companies
FEMSA has an estimated 7,821 peer or competitor companies worldwide.
FEMSA CyberSecurity History Information
How many cyber incidents has FEMSA faced ?
Total Incidents: According to Rankiteo, FEMSA has faced 0 incidents in the past.
What types of cybersecurity incidents have occurred at FEMSA ?
Incident Types: The types of cybersecurity incidents that have occurred include .
Incident Details
What are the most common types of attacks the company has faced ?
Additional Questions
.png)
Latest Global CVEs (Not Company-Specific)
Description
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions prior to 16.0.96 and 17.0.1 through 17.0.9 have a weak default password. By default, this is a 6 digit numeric value which can be brute forced. (This is the app_password parameter). Depending on local configuration, this password could be the extension, voicemail, user manager, DPMA or EPM phone admin password. This issue is fixed in versions 16.0.96 and 17.0.10.
Risk Information
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Neuron is a PHP framework for creating and orchestrating AI Agents. In versions 2.8.11 and below, the MySQLWriteTool executes arbitrary SQL provided by the caller using PDO::prepare() + execute() without semantic restrictions. This is consistent with the name (“write tool”), but in an LLM/agent context it becomes a high-risk capability: prompt injection or indirect prompt manipulation can cause execution of destructive queries such as DROP TABLE, TRUNCATE, DELETE, ALTER, or privilege-related statements (subject to DB permissions). Deployments that expose an agent with MySQLWriteTool enabled to untrusted input and/or run the tool with a DB user that has broad privileges are impacted. This issue is fixed in version 2.8.12.
Risk Information
cvss3
Base: 9.4
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Description
Neuron is a PHP framework for creating and orchestrating AI Agents. Versions 2.8.11 and below use MySQLSelectTool, which is vulnerable to Read-Only Bypass. MySQLSelectTool is intended to be a read-only SQL tool (e.g., for LLM agent querying, however, validation based on the first keyword (e.g., SELECT) and a forbidden-keyword list does not block file-writing constructs such as INTO OUTFILE / INTO DUMPFILE. As a result, an attacker who can influence the tool input (e.g., via prompt injection through a public agent endpoint) may write arbitrary files to the DB server if the MySQL/MariaDB account has the FILE privilege and server configuration permits writes to a useful location (e.g., a web-accessible directory). This issue is fixed in version 2.8.12.
Risk Information
cvss3
Base: 8.2
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
Description
Okta Java Management SDK facilitates interactions with the Okta management API. In versions 11.0.0 through 20.0.0, race conditions may arise from concurrent requests using the ApiClient class. This could cause a status code or response header from one request’s response to influence another request’s response. This issue is fixed in version 20.0.1.
Risk Information
cvss3
Base: 8.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L
Description
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. This issue is fixed in versions 4.11.2 and 4.12.1.
Risk Information
cvss3
Base: 5.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=femsa' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
