Five Below
Company Details
Linkedin ID:
five-below
Website:
Employees number:
12,118
Number of followers:
193,186
NAICS:
43
Industry Type:
Homepage:
fivebelow.com
IP Addresses:
0
Company ID:
FIV_4813942
Scan Status:
In-progress
Five Below Company CyberSecurity Posture
fivebelow.com
At Five Below our growth is a result of the people who embrace our purpose: We know life is way better when you are free to Let Go & Have Fun in an amazing experience, filled with unlimited possibilities, priced so low, you can always say yes to the newest, coolest stuff! Just ask any of our over 20,000 associates who work at Five Below and they’ll tell you there’s no other place like it. It all starts with our purpose and then, The Five Below Way, which is our values and behaviors that each and every associate believes in. So if your heart is beating a little quicker and your smile is getting bigger now that you know what we’re all about, let’s just say your search for a one-of-a-kind experience that’s much more than a j-o-b just might be officially ending HERE. It’s all about culture at Five Below, making this a place that can inspire you as much as you inspire us with big ideas, super energy, passion, and the ability to make the workplace a WOWplace! BE AWARE OF FRAUD! Please be aware of potentially fraudulent job postings or suspicious recruiter activity by persons that are posing as a Five Below recruiters. Please confirm that the person you are working with has an @fivebelow.com email address. Additionally, Five Below does NOT request financial information or payments from candidates at any point during the hiring process. If you suspect fraudulent activity, please visit Five Below’s Careers Site at www.fivebelow.com/info/careers to verify the posting.
Five Below A.I CyberSecurity Scoring
Five Below Risk Score (AI oriented)Between 750 and 799
Five Below
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
Five Below Global Score (TPRM)XXXX
Five Below
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
Five Below Company CyberSecurity News & History
Past Incidents
1
Attack Types
1
Five Below, Inc.
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: The California Office of the Attorney General reported a data breach involving Five Below, Inc. on February 14, 2019. The breach, which occurred between November 13, 2018, and January 11, 2019, involved unauthorized access to customers' payment card information, such as card numbers and security codes. The number of affected individuals is currently unknown.
Five Below Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for Five Below
Incidents vs Retail Industry Average (This Year)
No incidents recorded for Five Below in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Five Below in 2025.
Incident Types Five Below vs Retail Industry Avg (This Year)
No incidents recorded for Five Below in 2025.
Incident History — Five Below (X = Date, Y = Severity)
Five Below cyber incidents detection timeline including parent company and subsidiaries
Five Below Company Subsidiaries
At Five Below our growth is a result of the people who embrace our purpose: We know life is way better when you are free to Let Go & Have Fun in an amazing experience, filled with unlimited possibilities, priced so low, you can always say yes to the newest, coolest stuff! Just ask any of our over 20,000 associates who work at Five Below and they’ll tell you there’s no other place like it. It all starts with our purpose and then, The Five Below Way, which is our values and behaviors that each and every associate believes in. So if your heart is beating a little quicker and your smile is getting bigger now that you know what we’re all about, let’s just say your search for a one-of-a-kind experience that’s much more than a j-o-b just might be officially ending HERE. It’s all about culture at Five Below, making this a place that can inspire you as much as you inspire us with big ideas, super energy, passion, and the ability to make the workplace a WOWplace! BE AWARE OF FRAUD! Please be aware of potentially fraudulent job postings or suspicious recruiter activity by persons that are posing as a Five Below recruiters. Please confirm that the person you are working with has an @fivebelow.com email address. Additionally, Five Below does NOT request financial information or payments from candidates at any point during the hiring process. If you suspect fraudulent activity, please visit Five Below’s Careers Site at www.fivebelow.com/info/careers to verify the posting.
Loading...
Five Below Similar Companies
RGIS
Since 1958, we’ve been pushing the envelope for accurate and reliable inventories and quality retail merchandising services. Our trusted results allowed us to expand across the globe as well as leverage our expertise to service other industries. With nation-wide coverage and thousands of employees
SPAR South Africa
There’s something different about shopping at SPAR, that’s because we’ve created a culture of caring and community to ensure our customers have a consistently enjoyable shopping experience in a uniquely friendly and family orientated store. Nothing means more to us than our valued customers and we
Dollar General
Dollar General has been Serving Others for approximately 85 years. With approximately 20,000 stores, we serve communities across the country, from right around the corner. We exist to provide convenience, quality, and value, so our customers can get back to what's important. Our products include hig
TJX Canada – Winners, Marshalls, HomeSense
Want to put your skills and talents to work? TJX Canada is a thriving company with endless professional opportunities: buying, planning & allocation, merchandising, marketing, retailing and much more. If you love the idea of working in a dynamic, fast-paced environment where every day is different,
Mercadona
Mercadona is a leading company of physical supermarkets in Spain with an online service, with over 1,600 stores and more than 5.7 million households as customers. Additionally, it has more than 30 stores in Portugal, with a presence in nine different districts. A family-owned company, its objective
Best Buy
At Best Buy, our purpose is to enrich lives through technology. We do that by leveraging our unique combination of tech expertise and human touch to meet our customers’ everyday needs, whether they come to us online, visit our stores or invite us into their homes. With over 1,000 stores and more tha
Love's Travel Stops
Founded in 1964 by Tom Love, Love’s Family of Companies is headquartered in Oklahoma City, and remains entirely family-owned and operated. With more than 600 locations in 42 states, Love’s approximate growth rate is 40 stores per year. From the first filling station in Watonga, Oklahoma, the Love’s
Walmart Canada
Walmart Canada operates a chain of more than 400 stores nationwide serving 1.5 million customers each day. Walmart Canada's flagship online store, Walmart.ca is visited by more than 1.5 million customers daily. With more than 100,000 associates, Walmart Canada is one of Canada's largest employers an
Circle K
Our mission at Circle K is to make our customers' lives a little easier every day. We are part of communities across North America, Europe, Asia, and the Middle East, helping us grow into one of the world’s leading convenience and fuel retail businesses. Our parent company, Alimentation Couche-Tard
.png)
Five Below CyberSecurity News
November 19, 2025 09:01 PM
Five Below, Inc. Announces Third Quarter 2025 Earnings Release and Conference Call Date
PHILADELPHIA, PA, Nov. 19, 2025 -- Five Below, Inc. , the trend-right, extreme-value brand for kids, today announced that its financial...
November 16, 2025 10:10 AM
Five major changes to the regulation of cybersecurity in the UK under the Cyber Security and Resilience Bill
As the UK Government has recognized, cyber incidents—such as Jaguar Land Rover, Marks and Spencer, Royal Mail and the British Library—are...
October 30, 2025 07:00 AM
Helping Quebec non-profits below ‘cybersecurity poverty line’ strengthen networks
Facing the threat of cyberattacks and with limited budgets, non-profit organizations across Quebec are being offered free cybersecurity...
October 23, 2025 07:00 AM
Top 5 Cybersecurity Facts, Figures, Predictions, And Statistics For 2020 To 2021
Cybercrime Magazine extrapolates the top 5 market data points from our research in order to summarize the cybersecurity industry through 2021.
October 01, 2025 07:00 AM
Personal Cybersecurity Tips for Seniors: Protect Your Online Life
Older adults face growing cybersecurity risks online. Learn practical steps to strengthen your digital security, including safe password...
September 12, 2025 07:00 AM
The Big 5 Still Aren’t Buying Many Startups
If the five most-valuable U.S. technology companies want to buy startups, they can certainly afford to do so. Today, the Big Five — Nvidia,...
September 12, 2025 07:00 AM
Top Stocks That Had Their IPO in 2012
The Class of 2012 delivered some massive winners. ServiceNow (+5083%), Meta (+1881%), and Guidewire (+1852%) demonstrate the impact of...
July 23, 2025 07:00 AM
Check Out The 15 Best Cybersecurity Certifications
In this article, we highlight 15 of the top certifications for cybersecurity pros, including options for all career stages and several major industry...
July 07, 2025 07:00 AM
What is the Future of Cybersecurity?
Below are five cybersecurity trends enterprises must understand and address as they move forward. Trend 1: AI is a double-edged sword in cybersecurity.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
Five Below CyberSecurity History Information
Official Website of Five Below
The official website of Five Below is http://www.fivebelow.com.
Five Below’s AI-Generated Cybersecurity Score
According to Rankiteo, Five Below’s AI-generated cybersecurity score is 787, reflecting their Fair security posture.
How many security badges does Five Below’ have ?
According to Rankiteo, Five Below currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Five Below have SOC 2 Type 1 certification ?
According to Rankiteo, Five Below is not certified under SOC 2 Type 1.
Does Five Below have SOC 2 Type 2 certification ?
According to Rankiteo, Five Below does not hold a SOC 2 Type 2 certification.
Does Five Below comply with GDPR ?
According to Rankiteo, Five Below is not listed as GDPR compliant.
Does Five Below have PCI DSS certification ?
According to Rankiteo, Five Below does not currently maintain PCI DSS compliance.
Does Five Below comply with HIPAA ?
According to Rankiteo, Five Below is not compliant with HIPAA regulations.
Does Five Below have ISO 27001 certification ?
According to Rankiteo,Five Below is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Five Below
Five Below operates primarily in the Retail industry.
Number of Employees at Five Below
Five Below employs approximately 12,118 people worldwide.
Subsidiaries Owned by Five Below
Five Below presently has no subsidiaries across any sectors.
Five Below’s LinkedIn Followers
Five Below’s official LinkedIn profile has approximately 193,186 followers.
NAICS Classification of Five Below
Five Below is classified under the NAICS code 43, which corresponds to Retail Trade.
Five Below’s Presence on Crunchbase
Yes, Five Below has an official profile on Crunchbase, which can be accessed here: https://www.crunchbase.com/organization/five-below.
Five Below’s Presence on LinkedIn
Yes, Five Below maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/five-below.
Cybersecurity Incidents Involving Five Below
As of December 11, 2025, Rankiteo reports that Five Below has experienced 1 cybersecurity incidents.
Number of Peer and Competitor Companies
Five Below has an estimated 15,469 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Five Below ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
Incident Details
Can you provide details on each incident ?
Title: Data Breach at Five Below, Inc.
Description: The California Office of the Attorney General reported a data breach involving Five Below, Inc. on February 14, 2019. The breach, which occurred between November 13, 2018, and January 11, 2019, involved unauthorized access to customers' payment card information, such as card numbers and security codes. The number of affected individuals is currently unknown.
Date Detected: 2019-02-14
Date Publicly Disclosed: 2019-02-14
Type: Data Breach
Attack Vector: Unauthorized Access
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach FIV856080425
Data Compromised: Payment card information, Card numbers, Security codes
Payment Information Risk: High
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Payment Card Information, Card Numbers, Security Codes and .
Which entities were affected by each incident ?
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach FIV856080425
Type of Data Compromised: Payment card information, Card numbers, Security codes
Sensitivity of Data: High
References
Where can I find more information about each incident ?
Incident : Data Breach FIV856080425
Source: California Office of the Attorney General
Date Accessed: 2019-02-14
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: California Office of the Attorney GeneralDate Accessed: 2019-02-14.
Additional Questions
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2019-02-14.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2019-02-14.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Payment card information, Card numbers, Security codes and .
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Card numbers, Security codes and Payment card information.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident is California Office of the Attorney General.
.png)
Latest Global CVEs (Not Company-Specific)
Description
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions prior to 16.0.96 and 17.0.1 through 17.0.9 have a weak default password. By default, this is a 6 digit numeric value which can be brute forced. (This is the app_password parameter). Depending on local configuration, this password could be the extension, voicemail, user manager, DPMA or EPM phone admin password. This issue is fixed in versions 16.0.96 and 17.0.10.
Risk Information
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Neuron is a PHP framework for creating and orchestrating AI Agents. In versions 2.8.11 and below, the MySQLWriteTool executes arbitrary SQL provided by the caller using PDO::prepare() + execute() without semantic restrictions. This is consistent with the name (“write tool”), but in an LLM/agent context it becomes a high-risk capability: prompt injection or indirect prompt manipulation can cause execution of destructive queries such as DROP TABLE, TRUNCATE, DELETE, ALTER, or privilege-related statements (subject to DB permissions). Deployments that expose an agent with MySQLWriteTool enabled to untrusted input and/or run the tool with a DB user that has broad privileges are impacted. This issue is fixed in version 2.8.12.
Risk Information
cvss3
Base: 9.4
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Description
Neuron is a PHP framework for creating and orchestrating AI Agents. Versions 2.8.11 and below use MySQLSelectTool, which is vulnerable to Read-Only Bypass. MySQLSelectTool is intended to be a read-only SQL tool (e.g., for LLM agent querying, however, validation based on the first keyword (e.g., SELECT) and a forbidden-keyword list does not block file-writing constructs such as INTO OUTFILE / INTO DUMPFILE. As a result, an attacker who can influence the tool input (e.g., via prompt injection through a public agent endpoint) may write arbitrary files to the DB server if the MySQL/MariaDB account has the FILE privilege and server configuration permits writes to a useful location (e.g., a web-accessible directory). This issue is fixed in version 2.8.12.
Risk Information
cvss3
Base: 8.2
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
Description
Okta Java Management SDK facilitates interactions with the Okta management API. In versions 11.0.0 through 20.0.0, race conditions may arise from concurrent requests using the ApiClient class. This could cause a status code or response header from one request’s response to influence another request’s response. This issue is fixed in version 20.0.1.
Risk Information
cvss3
Base: 8.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L
Description
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. This issue is fixed in versions 4.11.2 and 4.12.1.
Risk Information
cvss3
Base: 5.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=five-below' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
