Sam's Club
Company Details
Linkedin ID:
sam's-club
Website:
Employees number:
45,215
Number of followers:
381,258
NAICS:
43
Industry Type:
Homepage:
samsclub.com
IP Addresses:
1271
Company ID:
SAM_1414288
Scan Status:
Completed
Sam's Club Company CyberSecurity Posture
samsclub.com
Sam’s Club (NYSE: WMT) a division of Walmart Inc., is the membership warehouse club solution for everyday living. Our President and CEO is Chris Nicholas and our headquarters is in Bentonville, AR. For the fiscal year ending January 31, 2023, Sam’s Club’s total revenue was $84.3 billion. There are almost 600 clubs across the U.S and Puerto Rico and each averages approximately 136,000 square feet. Our first club opened in Midwest City, Oklahoma, in 1983. Many clubs include sustainable features such as day-lighting with skylights, night dimming, central energy management, water-conserving fixtures, natural concrete floors and recycling. Sam’s Club employs thousands of associates in the U.S. and Puerto Rico. Approximately 75 percent of club management was promoted from hourly positions. In addition to the leading national brands, Sam's Club also features Member's Mark, an exclusive, premium-quality private brand. Member's Mark products are exclusive designs that use top-of-the-line materials and the highest quality ingredients to make sure they have the best quality and value at members-only prices. A Sam’s Club membership can more than pay for itself with exclusive savings on the items you need, the items you love and all sorts of unexpected items. Sam’s Club focuses on providing members with exclusive savings and quality merchandise, as well as services like Delivery from Club and Curbside Pickup, savings on fuel, full-service Pharmacy and more. We offer our members the most choices on how to shop with us, anywhere, any time. With over 40 years of innovating in the category, Sam’s Club continues to redefine club membership shopping with its curated assortment of quality fresh food and Member’s Mark® items, in addition to market leading technologies and services like Scan & Go™️, curbside pickup and home delivery. Visit the Sam's Club Newsroom, shop at SamsClub.com or connect with Sam's Club on LinkedIn, X, Facebook, Instagram, TikTok and Pinterest.
Sam's Club A.I CyberSecurity Scoring
Sam's Club Risk Score (AI oriented)Between 700 and 749
Sam's Club
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
Sam's Club Global Score (TPRM)XXXX
Sam's Club
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
Sam's Club Company CyberSecurity News & History
Past Incidents
3
Attack Types
2
Sam's Club
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: The California Office of the Attorney General disclosed a **data breach** targeting **Sam's Club** in October 2020, stemming from an incident on **September 24, 2020**. Unauthorized actors gained access to member accounts using **stolen login credentials**, compromising **personal information** of affected individuals. While the exact scope of exposed data was not detailed, such breaches typically involve sensitive details like names, contact information, membership IDs, or payment data—posing risks of identity theft, phishing, or financial fraud. The breach underscored vulnerabilities in credential security, highlighting the need for stronger authentication measures. Sam’s Club likely faced reputational damage and potential regulatory scrutiny, though no evidence suggested systemic operational disruption or ransomware involvement. Customers were advised to monitor accounts and update passwords, but the long-term impact on trust and membership retention remained a concern.
Sam’s Club
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: In mid-November, Sam’s Club reported a data breach where unauthorized individuals gained access to customer accounts using credentials likely obtained from an external source. The incident exposed sensitive personal information, including names, phone numbers, postal addresses, and payment card details. While the exact number of affected customers remains undisclosed, the breach poses significant risks such as identity theft, financial fraud, and reputational damage. The compromised payment card data could lead to fraudulent transactions, while the exposure of personal details increases the likelihood of targeted phishing or social engineering attacks. The breach underscores vulnerabilities in credential security and the potential for cascading harm when third-party credentials are reused across platforms. Customers are advised to monitor their accounts for suspicious activity and update their login credentials to mitigate further risks.
Sam's Club
Ransomware
Rankiteo Explanation
Attack threatening the organization’s existence
Description: Sam's Club, a subsidiary of Walmart, is investigating a potential security incident following claims of a breach by the Clop ransomware gang. Clop has added Sam's Club to its leak site but has not yet released proof. The breach may involve the exploitation of a zero-day vulnerability in Cleo file transfer software, which Sam's Club may have used. Prior incidents include credential stuffing in 2020, but the current situation remains under investigation with no explicit customer or employee data known to be compromised.
Sam's Club Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for Sam's Club
Incidents vs Retail Industry Average (This Year)
No incidents recorded for Sam's Club in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Sam's Club in 2025.
Incident Types Sam's Club vs Retail Industry Avg (This Year)
No incidents recorded for Sam's Club in 2025.
Incident History — Sam's Club (X = Date, Y = Severity)
Sam's Club cyber incidents detection timeline including parent company and subsidiaries
Sam's Club Company Subsidiaries
Sam’s Club (NYSE: WMT) a division of Walmart Inc., is the membership warehouse club solution for everyday living. Our President and CEO is Chris Nicholas and our headquarters is in Bentonville, AR. For the fiscal year ending January 31, 2023, Sam’s Club’s total revenue was $84.3 billion. There are almost 600 clubs across the U.S and Puerto Rico and each averages approximately 136,000 square feet. Our first club opened in Midwest City, Oklahoma, in 1983. Many clubs include sustainable features such as day-lighting with skylights, night dimming, central energy management, water-conserving fixtures, natural concrete floors and recycling. Sam’s Club employs thousands of associates in the U.S. and Puerto Rico. Approximately 75 percent of club management was promoted from hourly positions. In addition to the leading national brands, Sam's Club also features Member's Mark, an exclusive, premium-quality private brand. Member's Mark products are exclusive designs that use top-of-the-line materials and the highest quality ingredients to make sure they have the best quality and value at members-only prices. A Sam’s Club membership can more than pay for itself with exclusive savings on the items you need, the items you love and all sorts of unexpected items. Sam’s Club focuses on providing members with exclusive savings and quality merchandise, as well as services like Delivery from Club and Curbside Pickup, savings on fuel, full-service Pharmacy and more. We offer our members the most choices on how to shop with us, anywhere, any time. With over 40 years of innovating in the category, Sam’s Club continues to redefine club membership shopping with its curated assortment of quality fresh food and Member’s Mark® items, in addition to market leading technologies and services like Scan & Go™️, curbside pickup and home delivery. Visit the Sam's Club Newsroom, shop at SamsClub.com or connect with Sam's Club on LinkedIn, X, Facebook, Instagram, TikTok and Pinterest.
Loading...
Sam's Club Similar Companies
Jerónimo Martins
Founded in 1792, Jerónimo Martins is an international Group based in Portugal that operates in the food distribution and specialised retail sectors. Present in 6 countries and counting with more than 6 thousand stores, we are one of the oldest retailers in the world. We address the daily needs of
LC Waikiki
We have been continuing our journey that we started in France in 1988, as a Turkish brand since 1997 under the structure of “LC Waikiki Mağazacılık Hizmetleri Ticaret A.Ş.”. We act with the philosophy of “Everyone deserves to dress well” and we are working to be one of the pioneers of the industry w
Asda
It’s hard for anyone to imagine just how many different career possibilities there are at Asda. Ours is a big business, and beyond the roles you might be familiar with on the shop floor (or on your doorstep), there are hundreds of others you don’t get to see. In fact, because our business is chang
John Lewis & Partners
Since 1864 we've been delighting customers with our quality products and renowned customer service. We put happiness at the heart of everything we do. We our one brand under the John Lewis Partnership umbrella. A unique way of doing business where all of our Partners (employees) share ownership of
Consum Cooperativa Valenciana
Consum es la mayor cooperativa del arco mediterráneo español. Cuenta con más de 760 supermercados, entre propios y franquiciados, distribuidos por Cataluña, Comunidad Valenciana, Murcia, Castilla-La Mancha, Andalucía y Aragón. En 2019 facturó 2.935 millones de euros, un 7,4% más que el ejerc
ICA Gruppen
ICA Gruppen´s core business is retail. The Group includes ICA Sweden which mainly conduct grocery retail, ICA Real Estate which owns and manages properties, ICA Bank which offers financial services and insurances, Apotek Hjärtat which conducts pharmacy operations. Guidelines: Comments in our chan
Lowe's Companies, Inc.
Lowe’s Companies, Inc. (NYSE: LOW) is a FORTUNE® 50 home improvement company serving approximately 20 million customers a week in the United States. Lowe’s and its related businesses operate or service more than 2,200 home improvement and hardware stores and employ over 300,000 associates. Based in
Costco Wholesale
Costco Wholesale is a multibillion dollar global retailer with warehouse club operations in 11 countries. We are the recognized leader in our field, dedicated to quality in every area of our business and respected for our outstanding business ethics. Despite our large size and rapid international ex
Big Lots, Inc. (NYSE: BIG) is one of America’s largest off-price retailers, offering bargains on everything for the home, including furniture, décor, pantry essentials, kitchenware, pet supplies, and more. The Company fulfills its mission to help customers "Live Big and Save Lots" by strategically s
.png)
Sam's Club CyberSecurity News
November 18, 2025 08:00 AM
The Complete List of Hacker And Cybersecurity Movies
Hacker's Movie Guide” with Foreword by Steve Wozniak, co-founder of Apple.
November 17, 2025 08:00 AM
Democratic senators urge Trump administration to release cybersecurity issues report
Two Democratic senators urged Trump administration officials on Wednesday to release a report on security issues in the telecommunications...
November 13, 2025 08:00 AM
Cybersecurity: It's All About the Network
David Zendzian '96 started BSides Charleston in 2012 as a way for members of the information security community to get together.
October 16, 2025 07:00 AM
Walmart, OpenAI Partner to Launch AI-Powered Shopping
Walmart partners with OpenAI to launch ChatGPT-powered shopping, introducing AI-driven Instant Checkout and expanding agentic commerce in...
September 02, 2025 07:00 AM
Sam’s Club Bets On Experiential Retail Media With INDYCAR Sponsorship
Sam's Club activated its sponsorship of Andretti Autosport at the INDYCAR season finale in Nashville—the company's first retail media...
August 01, 2025 07:00 AM
Big Box Store Sam’s Club Joins IndyCar’s Andretti Global Racing
Retail membership pioneer and "Big Box" story Sam's Club has joined forces with IndyCar's Andretti Global driver Kyle Kirkwood at Nashville...
June 30, 2025 07:00 AM
Ahold USA gives update on cybersecurity issue
Ahold Delhaize USA Services provides an update about the cybersecurity issue the company previously disclosed last year.
June 30, 2025 07:00 AM
UNFI expects financial hit from cyberattack as recovery continues
Major North American grocery wholesaler United Natural Foods, Inc., has disclosed that the cyberattack it experienced earlier this month...
June 19, 2025 07:00 AM
Cyberattack On Whole Foods Supplier Disrupts Supply Chain Again
A June 2025 cyberattack on United Natural Foods Inc., the primary distributor for Whole Foods Market, caused widespread delivery disruptions...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
Sam's Club CyberSecurity History Information
Official Website of Sam's Club
The official website of Sam's Club is http://www.samsclub.com.
Sam's Club’s AI-Generated Cybersecurity Score
According to Rankiteo, Sam's Club’s AI-generated cybersecurity score is 733, reflecting their Moderate security posture.
How many security badges does Sam's Club’ have ?
According to Rankiteo, Sam's Club currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Sam's Club have SOC 2 Type 1 certification ?
According to Rankiteo, Sam's Club is not certified under SOC 2 Type 1.
Does Sam's Club have SOC 2 Type 2 certification ?
According to Rankiteo, Sam's Club does not hold a SOC 2 Type 2 certification.
Does Sam's Club comply with GDPR ?
According to Rankiteo, Sam's Club is not listed as GDPR compliant.
Does Sam's Club have PCI DSS certification ?
According to Rankiteo, Sam's Club does not currently maintain PCI DSS compliance.
Does Sam's Club comply with HIPAA ?
According to Rankiteo, Sam's Club is not compliant with HIPAA regulations.
Does Sam's Club have ISO 27001 certification ?
According to Rankiteo,Sam's Club is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Sam's Club
Sam's Club operates primarily in the Retail industry.
Number of Employees at Sam's Club
Sam's Club employs approximately 45,215 people worldwide.
Subsidiaries Owned by Sam's Club
Sam's Club presently has no subsidiaries across any sectors.
Sam's Club’s LinkedIn Followers
Sam's Club’s official LinkedIn profile has approximately 381,258 followers.
NAICS Classification of Sam's Club
Sam's Club is classified under the NAICS code 43, which corresponds to Retail Trade.
Sam's Club’s Presence on Crunchbase
No, Sam's Club does not have a profile on Crunchbase.
Sam's Club’s Presence on LinkedIn
Yes, Sam's Club maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/sam's-club.
Cybersecurity Incidents Involving Sam's Club
As of December 11, 2025, Rankiteo reports that Sam's Club has experienced 3 cybersecurity incidents.
Number of Peer and Competitor Companies
Sam's Club has an estimated 15,469 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Sam's Club ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach and Ransomware.
Incident Details
Can you provide details on each incident ?
Title: Potential Security Incident at Sam's Club
Description: Sam's Club, a subsidiary of Walmart, is investigating a potential security incident following claims of a breach by the Clop ransomware gang. Clop has added Sam's Club to its leak site but has not yet released proof. The breach may involve the exploitation of a zero-day vulnerability in Cleo file transfer software, which Sam's Club may have used. Prior incidents include credential stuffing in 2020, but the current situation remains under investigation with no explicit customer or employee data known to be compromised.
Type: Ransomware
Attack Vector: Zero-day vulnerability exploitation
Vulnerability Exploited: Cleo file transfer software
Threat Actor: Clop ransomware gang
Title: Sam’s Club Unauthorized Account Access Incident
Description: In mid-November, unauthorized access to Sam’s Club customer accounts occurred using login credentials likely obtained from another source. The breach may have compromised personal information such as names, phone numbers, postal addresses, and payment card details, but the number of affected individuals is unknown.
Type: Data Breach / Unauthorized Access
Attack Vector: Credential Stuffing / Account Takeover
Title: Sam's Club Data Breach (2020)
Description: The California Office of the Attorney General reported a data breach involving Sam's Club on October 21, 2020. The breach occurred on September 24, 2020, due to unauthorized access to accounts using stolen login credentials, potentially affecting various personal information of members.
Date Detected: 2020-09-24
Date Publicly Disclosed: 2020-10-21
Type: Data Breach
Attack Vector: Unauthorized Access (Stolen Credentials)
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Compromised credentials (likely from another source) and Stolen Login Credentials.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach / Unauthorized Access SAM021091825
Data Compromised: Names, Phone numbers, Postal addresses, Payment card details
Identity Theft Risk: Potential (due to PII exposure)
Payment Information Risk: Potential (payment card details exposed)
Incident : Data Breach SAM025091825
Data Compromised: Personal information
Identity Theft Risk: Potential
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personally Identifiable Information (Pii), Payment Card Information, , Personal Information and .
Which entities were affected by each incident ?
Incident : Data Breach / Unauthorized Access SAM021091825
Entity Name: Sam’s Club
Entity Type: Retailer
Industry: Retail / Wholesale
Customers Affected: Unknown
Incident : Data Breach SAM025091825
Entity Name: Sam's Club
Entity Type: Retail
Industry: Retail / Wholesale
Location: United States (California)
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach / Unauthorized Access SAM021091825
Type of Data Compromised: Personally identifiable information (pii), Payment card information
Number of Records Exposed: Unknown
Sensitivity of Data: High (includes PII and payment details)
Incident : Data Breach SAM025091825
Type of Data Compromised: Personal information
Personally Identifiable Information: Potential
Ransomware Information
Was ransomware involved in any of the incidents ?
Incident : Ransomware SAM248032825
Ransomware Strain: Clop
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : Data Breach SAM025091825
Regulatory Notifications: California Office of the Attorney General
References
Where can I find more information about each incident ?
Incident : Data Breach SAM025091825
Source: California Office of the Attorney General
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: California Office of the Attorney General.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Ransomware SAM248032825
Investigation Status: Under investigation
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Data Breach / Unauthorized Access SAM021091825
Entry Point: Compromised credentials (likely from another source)
Incident : Data Breach SAM025091825
Entry Point: Stolen Login Credentials
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Data Breach SAM025091825
Root Causes: Unauthorized Access Via Stolen Credentials,
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident was an Clop ransomware gang.
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2020-09-24.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2020-10-21.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Names, Phone Numbers, Postal Addresses, Payment Card Details, , Personal Information and .
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Postal Addresses, Phone Numbers, Payment Card Details, Names and Personal Information.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 0.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident is California Office of the Attorney General.
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Under investigation.
Initial Access Broker
What was the most recent entry point used by an initial access broker ?
Most Recent Entry Point: The most recent entry point used by an initial access broker were an Stolen Login Credentials and Compromised credentials (likely from another source).
.png)
Latest Global CVEs (Not Company-Specific)
Description
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions prior to 16.0.96 and 17.0.1 through 17.0.9 have a weak default password. By default, this is a 6 digit numeric value which can be brute forced. (This is the app_password parameter). Depending on local configuration, this password could be the extension, voicemail, user manager, DPMA or EPM phone admin password. This issue is fixed in versions 16.0.96 and 17.0.10.
Risk Information
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Neuron is a PHP framework for creating and orchestrating AI Agents. In versions 2.8.11 and below, the MySQLWriteTool executes arbitrary SQL provided by the caller using PDO::prepare() + execute() without semantic restrictions. This is consistent with the name (“write tool”), but in an LLM/agent context it becomes a high-risk capability: prompt injection or indirect prompt manipulation can cause execution of destructive queries such as DROP TABLE, TRUNCATE, DELETE, ALTER, or privilege-related statements (subject to DB permissions). Deployments that expose an agent with MySQLWriteTool enabled to untrusted input and/or run the tool with a DB user that has broad privileges are impacted. This issue is fixed in version 2.8.12.
Risk Information
cvss3
Base: 9.4
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Description
Neuron is a PHP framework for creating and orchestrating AI Agents. Versions 2.8.11 and below use MySQLSelectTool, which is vulnerable to Read-Only Bypass. MySQLSelectTool is intended to be a read-only SQL tool (e.g., for LLM agent querying, however, validation based on the first keyword (e.g., SELECT) and a forbidden-keyword list does not block file-writing constructs such as INTO OUTFILE / INTO DUMPFILE. As a result, an attacker who can influence the tool input (e.g., via prompt injection through a public agent endpoint) may write arbitrary files to the DB server if the MySQL/MariaDB account has the FILE privilege and server configuration permits writes to a useful location (e.g., a web-accessible directory). This issue is fixed in version 2.8.12.
Risk Information
cvss3
Base: 8.2
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
Description
Okta Java Management SDK facilitates interactions with the Okta management API. In versions 11.0.0 through 20.0.0, race conditions may arise from concurrent requests using the ApiClient class. This could cause a status code or response header from one request’s response to influence another request’s response. This issue is fixed in version 20.0.1.
Risk Information
cvss3
Base: 8.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L
Description
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. This issue is fixed in versions 4.11.2 and 4.12.1.
Risk Information
cvss3
Base: 5.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=sam's-club' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
