
At Merck, known as MSD outside of the United States and Canada, we are unified around our purpose: We use the power of leading-edge science to save and improve lives around the world. For more than 130 years, we have brought hope to humanity through the development of important medicines and vaccines. We aspire to be the premier research-intensive biopharmaceutical company in the world – and today, we are at the forefront of research to deliver innovative health solutions that advance the prevention and treatment of diseases in people and animals. We foster a diverse and inclusive global workforce and operate responsibly every day to enable a safe, sustainable and healthy future for all people and communities. For more information, visit www.merck.com. This site is intended for residents of the United States and Canada and their territories only. FLS: http://merck.us/3TKXNuZ

Merck A.I CyberSecurity Scoring

Merck

Company Details

LinkedIn ID: merck
Employees number: 42,297
Number of followers: 2,549,401
NAICS: 3254
Industry Type: Pharmaceutical Manufacturing
Homepage: merck.com
IP Addresses: 0
Company ID: MER_3024671
Scan Status: In-progress

Merck Risk Score (AI oriented)

Between 800 and 849

  • Powered by our proprietary A.I cyber incident model
  • Insurers prefer the TPRM score to calculate premiums

Merck Global Score (TPRM)

XXXX

  • Instant access to detailed risk factors
  • Benchmark vs. industry & size peers
  • Vulnerabilities
  • Findings

Merck Company CyberSecurity News & History

Past Incidents: 2
Attack Types: 2

Merck Sharp & Dohme LLC (Merck)
Type: Breach
Severity: 60
Impact: 3
Seen: 9/2025
Rankiteo Explanation: Attack with significant impact with internal employee data leaks

Description: On September 22, 2025, Merck, a New Jersey-based pharmaceutical company, was alerted that its third-party service provider, Graebel Companies, suffered a **data breach** exposing sensitive personal and financial information of current and former employees. The compromised data includes **names, dates of birth, addresses, phone numbers, Social Security numbers, and financial account details**, heightening risks of identity theft and fraud.

The breach was formally disclosed to the Massachusetts Attorney General’s office on November 17, 2025, though the exact number of affected individuals remains undetermined. Merck collaborated with Graebel to contain the incident, strengthen security measures, and notify impacted employees. As a remedial step, Merck is providing **24 months of complimentary credit monitoring and identity theft protection** via TransUnion.

The exposure of **personally identifiable information (PII) and financial records**—particularly through a third-party vendor—underscores vulnerabilities in supply chain cybersecurity and the potential for long-term reputational and financial harm to both employees and the company.

Merck
Type: Cyber Attack
Severity: 90
Impact: 5
Seen: 06/2017
Rankiteo Explanation: Attack threatening the organization's existence

Description: The computer systems of Science and Technology company Merck were targeted in a sophisticated cyber-attack. The company immediately took preventive steps to contain the attack and informed its employees to disconnect mobile phones from the network.


Underwriter Stats for Merck

Incidents vs Pharmaceutical Manufacturing Industry Average (This Year)

Merck has 25.0% more incidents than the average of same-industry companies with at least one recorded incident.

Incidents vs All-Companies Average (This Year)

Merck has 29.87% more incidents than the average of all companies with at least one recorded incident.

Incident Types Merck vs Pharmaceutical Manufacturing Industry Avg (This Year)

Merck reported 1 incident this year (0 cyber attacks, 0 ransomware, 0 vulnerabilities, 1 data breach), compared to industry peers with at least 1 incident.

Incident History — Merck (X = Date, Y = Severity)

Merck cyber incidents detection timeline including parent company and subsidiaries


Merck Similar Companies

Eli Lilly and Company

We're a medicine company turning science into healing to make life better for people around the world. It all started nearly 150 years ago with a clear vision from founder Colonel Eli Lilly: "Take what you find here and make it better and better." Harnessing the power of biotechnology, chemistry and

SUN PHARMA

Sun Pharma is the world's fourth-largest speciality generic pharmaceutical company and No. 1 in India. We provide high-quality, affordable medicines trusted by customers and patients in over 100 countries. Sun Pharma's global presence is supported by more than 40 manufacturing facilities spread acro

At MSD, known as Merck & Co., Inc., Rahway, NJ, USA in the United States and Canada, we are unified around our purpose: We use the power of leading-edge science to save and improve lives around the world. For more than 130 years, we have brought hope to humanity through the development of important

MACLEODS PHARMACEUTICALS LTD.

A vertically integrated, Global Pharmaceutical Company. Established in 1989, we are engaged in developing, manufacturing, and marketing a wide range of formulations across several major therapeutic areas including anti-infectives, cardiovascular, anti-diabetic, dermatology, and hormone treatment.

The Janssen Pharmaceutical Companies of Johnson & Johnson

At Janssen, we never stop working toward a future where disease is a thing of the past. We’re the Pharmaceutical Companies of Johnson & Johnson, and you can count on us to keep working tirelessly to make that future a reality for patients everywhere, by fighting sickness with science, improving ac

Viatris

Viatris Inc. (NASDAQ: VTRS) is a global healthcare company uniquely positioned to bridge the traditional divide between generics and brands, combining the best of both to more holistically address healthcare needs globally. With a mission to empower people worldwide to live healthier at every stage

Cipla

Cipla is a leading global pharmaceutical company trusted by healthcare professionals and patients across the world since 1935. A compassionate approach to healthcare that goes beyond the pursuit of profit and growth has been the force impelling Cipla’s history over the years. Our credo and our purp

AbbVie

AbbVie is a global biopharmaceutical company focused on creating medicines and solutions that put impact first — for patients, communities, and our world. We aim to address complex health issues and enhance people's lives through our core therapeutic areas: immunology, oncology, neuroscience, eye ca

Astellas Pharma

Astellas is a global life sciences company committed to turning innovative science into VALUE for patients. We provide transformative therapies in disease areas that include oncology, ophthalmology, urology, immunology and women's health. Through our research and development programs, we are pioneer


Merck CyberSecurity News

November 17, 2025 11:15 PM
Merck Data Breach Lawsuit Investigation

If you were affected by the Merck data breach, you may be entitled to compensation.

November 14, 2025 08:00 AM
Wall Street Breakfast Podcast: Merck Talks Send Cidara Soaring

Merck seen nearing acquisition of Cidara Therapeutics in deal potentially above $3.3 billion. U.S., Argentina to open markets to key...

October 13, 2025 07:00 AM
Women CFOs Outperform. Here’s How Humana And Merck Prove It

Boards seeking consistent returns and strategic innovation might not need to look outside the organization for their next growth driver.

August 12, 2025 07:00 AM
DEEP and Merck launch strategic partnership to strengthen Europe’s cybersecurity

DEEP and Merck launch strategic partnership to strengthen Europe's cybersecurity. Martha Ihlbrock Corporate Communications

July 16, 2025 07:00 AM
How This New Biotech Billionaire Outmaneuvered Merck In China

Michelle Xia gained experience at U.S. pharmaceutical firms before launching her own biotech company back home in China.

July 11, 2025 07:00 AM
Merck's Verona Acquisition: Plugging A $4B Hole In A $20B Gap

Merck's recent acquisition announcement sends a strong signal regarding its urgency to tackle the impending Keytruda patent cliff.

July 05, 2025 09:14 PM
Merck Group and Versum Materials begin a new growth story

Read how FTI Consulting provided strategic and legal support on a pro bono project to establish a special international tribunal for Ukraine.

June 27, 2025 07:00 AM
40% Upside For Merck Stock?

Merck's upside potential depends on its capability to execute across several vital areas: successfully moving its pipeline forward, expanding into new regions,...

June 02, 2025 07:00 AM
Merck Stock’s Ticking Keytruda Time Bomb

Merck's (NYSE:MRK) top-selling drug – Keytruda's – impressive recent growth tells a compelling story, but it's one with a predictable ending...


Frequently Asked Questions

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.

Merck CyberSecurity History Information

Official Website of Merck

The official website of Merck is http://merck.us/2J2xAUh.

Merck’s AI-Generated Cybersecurity Score

According to Rankiteo, Merck’s AI-generated cybersecurity score is 801, reflecting their Good security posture.

How many security badges does Merck have ?

According to Rankiteo, Merck currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Does Merck have SOC 2 Type 1 certification ?

According to Rankiteo, Merck is not certified under SOC 2 Type 1.

Does Merck have SOC 2 Type 2 certification ?

According to Rankiteo, Merck does not hold a SOC 2 Type 2 certification.

Does Merck comply with GDPR ?

According to Rankiteo, Merck is not listed as GDPR compliant.

Does Merck have PCI DSS certification ?

According to Rankiteo, Merck does not currently maintain PCI DSS compliance.

Does Merck comply with HIPAA ?

According to Rankiteo, Merck is not compliant with HIPAA regulations.

Does Merck have ISO 27001 certification ?

According to Rankiteo, Merck is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Industry Classification of Merck

Merck operates primarily in the Pharmaceutical Manufacturing industry.

Number of Employees at Merck

Merck employs approximately 42,297 people worldwide.

Subsidiaries Owned by Merck

Merck presently has no subsidiaries across any sectors.

Merck’s LinkedIn Followers

Merck’s official LinkedIn profile has approximately 2,549,401 followers.

NAICS Classification of Merck

Merck is classified under the NAICS code 3254, which corresponds to Pharmaceutical and Medicine Manufacturing.

Merck’s Presence on Crunchbase

No, Merck does not have a profile on Crunchbase.

Merck’s Presence on LinkedIn

Yes, Merck maintains an official LinkedIn profile, which is actively used for branding and talent engagement and can be accessed here: https://www.linkedin.com/company/merck.

Cybersecurity Incidents Involving Merck

As of December 11, 2025, Rankiteo reports that Merck has experienced 2 cybersecurity incidents.

Number of Peer and Competitor Companies

Merck has an estimated 5,412 peer or competitor companies worldwide.

What types of cybersecurity incidents have occurred at Merck ?

Incident Types: The types of cybersecurity incidents that have occurred include Cyber Attack and Breach.

How does Merck detect and respond to cybersecurity incidents ?

Detection and Response: The company detects and responds to cybersecurity incidents through containment measures (disconnecting mobile phones from the network; measures implemented by Graebel Companies), third-party assistance (collaboration with Graebel Companies), remediation measures (enhanced security protocols by Graebel), and a communication strategy (direct communication with affected individuals).

Incident Details

Can you provide details on each incident ?

Incident : Cyber-Attack

Title: Cyber-Attack on Merck

Description: The computer systems of Science and Technology company Merck were targeted in a sophisticated cyber-attack.

Type: Cyber-Attack

Incident : Data Breach (Third-Party)

Title: Data Breach at Merck via Third-Party Service Provider Graebel Companies

Description: On Sept. 22, 2025, Merck Sharp & Dohme LLC (Merck) was notified that its U.S.-based service provider, Graebel Companies, experienced a data breach exposing sensitive personal information of current and former Merck employees. The breach was disclosed to the Massachusetts Attorney General’s office on Nov. 17, 2025. Compromised data may include names, dates of birth, addresses, phone numbers, Social Security numbers, and financial account information, putting individuals at risk for identity theft and fraud.

Date Detected: 2025-09-22

Date Publicly Disclosed: 2025-11-17

Type: Data Breach (Third-Party)

What are the most common types of attacks the company has faced ?

Common Attack Types: The most common type of attack the company has faced is Breach.

Impact of the Incidents

What was the impact of each incident ?

Incident : Data Breach (Third-Party) MER3502435111825

Data Compromised: Names, Dates of birth, Addresses, Phone numbers, Social security numbers, Financial account information

Brand Reputation Impact: Potential reputational harm due to exposure of sensitive employee data

Identity Theft Risk: High (due to exposure of PII and financial information)

Payment Information Risk: High (financial account information exposed)

What types of data are most commonly compromised in incidents ?

Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personally Identifiable Information (PII) and Financial Information.

Which entities were affected by each incident ?

Incident : Cyber-Attack MER1502422

Entity Name: Merck

Entity Type: Company

Industry: Science and Technology

Incident : Data Breach (Third-Party) MER3502435111825

Entity Name: Merck Sharp & Dohme LLC

Entity Type: Pharmaceutical Company

Industry: Healthcare/Pharmaceutical

Location: New Jersey, USA

Incident : Data Breach (Third-Party) MER3502435111825

Entity Name: Graebel Companies

Entity Type: Service Provider

Industry: Relocation/Logistics

Location: USA

Customers Affected: Current and former Merck employees (number unknown, potentially significant)

Response to the Incidents

What measures were taken in response to each incident ?

Incident : Cyber-Attack MER1502422

Containment Measures: Disconnect mobile phones from the network

Incident : Data Breach (Third-Party) MER3502435111825

Incident Response Plan Activated: True

Third Party Assistance: Collaboration with Graebel Companies

Containment Measures: Implemented by Graebel Companies

Remediation Measures: Enhanced security protocols by Graebel

Communication Strategy: Direct communication with affected individuals

How does the company involve third-party assistance in incident response ?

Third-Party Assistance: The company involves third-party assistance in incident response through Collaboration with Graebel Companies.

Data Breach Information

What type of data was compromised in each breach ?

Incident : Data Breach (Third-Party) MER3502435111825

Type of Data Compromised: Personally identifiable information (PII), Financial information

Number of Records Exposed: Unknown (potentially significant)

Sensitivity of Data: High (includes SSNs and financial account information)

Personally Identifiable Information: Names, Dates of birth, Addresses, Phone numbers, Social Security numbers

What measures does the company take to prevent data exfiltration ?

Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Enhanced security protocols by Graebel.

How does the company handle incidents involving personally identifiable information (PII) ?

Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through the following measures: disconnecting mobile phones from the network, and containment implemented by Graebel Companies.

Regulatory Compliance

Were there any regulatory violations and fines imposed for each incident ?

Incident : Data Breach (Third-Party) MER3502435111825

Regulatory Notifications: Disclosed to Massachusetts Attorney General’s office

Lessons Learned and Recommendations

What recommendations were made to prevent future incidents ?

Incident : Data Breach (Third-Party) MER3502435111825

Recommendations: Monitor credit and financial accounts for suspicious activity, Enroll in complimentary credit monitoring and identity theft protection services (provided by TransUnion for 24 months)

References

Where can I find more information about each incident ?

Incident : Data Breach (Third-Party) MER3502435111825

Source: Massachusetts Attorney General’s Office Disclosure

Where can stakeholders find additional resources on cybersecurity best practices ?

Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at the following source: Massachusetts Attorney General’s Office Disclosure.

Investigation Status

What is the current status of the investigation for each incident ?

Incident : Data Breach (Third-Party) MER3502435111825

Investigation Status: Ongoing (scope and full impact not yet determined)

How does the company communicate the status of incident investigations to stakeholders ?

Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Direct communication with affected individuals.

Stakeholder and Customer Advisories

Were there any advisories issued to stakeholders or customers for each incident ?

Incident : Data Breach (Third-Party) MER3502435111825

Stakeholder Advisories: Direct notifications sent to affected individuals

Customer Advisories: Public disclosure via regulatory notification; individual notifications sent to affected employees

What advisories does the company provide to stakeholders and customers following an incident ?

Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: Direct notifications sent to affected individuals and Public disclosure via regulatory notification; individual notifications sent to affected employees.

Post-Incident Analysis

What were the root causes and corrective actions taken for each incident ?

Incident : Data Breach (Third-Party) MER3502435111825

Corrective Actions: Enhanced Security Protocols By Graebel Companies, Credit Monitoring And Identity Theft Protection Services For Affected Individuals

What is the company's process for conducting post-incident analysis ?

Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Collaboration with Graebel Companies.

What corrective actions has the company taken based on post-incident analysis ?

Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Enhanced Security Protocols By Graebel Companies, Credit Monitoring And Identity Theft Protection Services For Affected Individuals.

Additional Questions

Incident Details

What was the most recent incident detected ?

Most Recent Incident Detected: The most recent incident detected was on 2025-09-22.

What was the most recent incident publicly disclosed ?

Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2025-11-17.

Impact of the Incidents

What was the most significant data compromised in an incident ?

Most Significant Data Compromised: The most significant data compromised in an incident were Names, Dates of birth, Addresses, Phone numbers, Social Security numbers and Financial account information.

Response to the Incidents

What third-party assistance was involved in the most recent incident ?

Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was Collaboration with Graebel Companies.

What containment measures were taken in the most recent incident ?

Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were Disconnect mobile phones from the network and Implemented by Graebel Companies.

Data Breach Information

What was the most sensitive data compromised in a breach ?

Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Social Security numbers, Phone numbers, Dates of birth, Financial account information, Addresses and Names.

What was the number of records exposed in the most significant breach ?

Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 0.

Lessons Learned and Recommendations

What was the most significant recommendation implemented to improve cybersecurity ?

Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Enroll in complimentary credit monitoring and identity theft protection services (provided by TransUnion for 24 months) and Monitor credit and financial accounts for suspicious activity.

References

What is the most recent source of information about an incident ?

Most Recent Source: The most recent source of information about an incident is Massachusetts Attorney General’s Office Disclosure.

Investigation Status

What is the current status of the most recent investigation ?

Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing (scope and full impact not yet determined).

Stakeholder and Customer Advisories

What was the most recent stakeholder advisory issued ?

Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was Direct notifications sent to affected individuals.

What was the most recent customer advisory issued ?

Most Recent Customer Advisory: The most recent customer advisory issued was Public disclosure via regulatory notification; individual notifications sent to affected employees.


Latest Global CVEs (Not Company-Specific)

Description

FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions prior to 16.0.96 and 17.0.1 through 17.0.9 have a weak default password. By default, this is a 6 digit numeric value which can be brute forced. (This is the app_password parameter). Depending on local configuration, this password could be the extension, voicemail, user manager, DPMA or EPM phone admin password. This issue is fixed in versions 16.0.96 and 17.0.10.

Risk Information
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description

Neuron is a PHP framework for creating and orchestrating AI Agents. In versions 2.8.11 and below, the MySQLWriteTool executes arbitrary SQL provided by the caller using PDO::prepare() + execute() without semantic restrictions. This is consistent with the name (“write tool”), but in an LLM/agent context it becomes a high-risk capability: prompt injection or indirect prompt manipulation can cause execution of destructive queries such as DROP TABLE, TRUNCATE, DELETE, ALTER, or privilege-related statements (subject to DB permissions). Deployments that expose an agent with MySQLWriteTool enabled to untrusted input and/or run the tool with a DB user that has broad privileges are impacted. This issue is fixed in version 2.8.12.

Risk Information
cvss3
Base: 9.4
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Description

Neuron is a PHP framework for creating and orchestrating AI Agents. Versions 2.8.11 and below use MySQLSelectTool, which is vulnerable to Read-Only Bypass. MySQLSelectTool is intended to be a read-only SQL tool (e.g., for LLM agent querying); however, validation based on the first keyword (e.g., SELECT) and a forbidden-keyword list does not block file-writing constructs such as INTO OUTFILE / INTO DUMPFILE. As a result, an attacker who can influence the tool input (e.g., via prompt injection through a public agent endpoint) may write arbitrary files to the DB server if the MySQL/MariaDB account has the FILE privilege and server configuration permits writes to a useful location (e.g., a web-accessible directory). This issue is fixed in version 2.8.12.

Risk Information
cvss3
Base: 8.2
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
Description

Okta Java Management SDK facilitates interactions with the Okta management API. In versions 11.0.0 through 20.0.0, race conditions may arise from concurrent requests using the ApiClient class. This could cause a status code or response header from one request’s response to influence another request’s response. This issue is fixed in version 20.0.1.

Risk Information
cvss3
Base: 8.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L
Description

The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. This issue is fixed in versions 4.11.2 and 4.12.1.

Risk Information
cvss3
Base: 5.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N

Access Data Using Our API


Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=merck' -H 'apikey: YOUR_API_KEY_HERE'

What Do We Measure ?

Incident
Finding
Grade
Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network Security

Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)

Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)

Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat Intelligence

Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.