SHL
Company Details
Linkedin ID:
suntory-holdings-limited
Website:
Employees number:
9,537
Number of followers:
61,568
NAICS:
722
Industry Type:
Homepage:
suntory.com
IP Addresses:
0
Company ID:
SUN_1188647
Scan Status:
In-progress
Suntory Holdings Limited Company CyberSecurity Posture
suntory.com
As a global leader in the beverage industry, Suntory Group aims to inspire the brilliance of life, by creating rich experiences for people, in harmony with nature. Sustained by the gifts of nature and water, the Group offers a uniquely diverse portfolio of products, from award-winning Japanese whiskies Yamazaki and Hibiki, iconic American whiskies Jim Beam and Maker's Mark, canned ready-to-drink -196 (minus one-nine-six), The Premium Malt’s beer, Japanese wine Tomi, and the world-famous Château Lagrange. Its brand collection also includes non-alcoholic favorites Orangina, Lucozade, Oasis, BOSS coffee, Suntory Tennensui water, TEA+ Oolong Tea, and V energy drink, as well as popular health and wellness product Sesamin EX. Founded as a family-owned business in 1899 in Osaka, Japan, Suntory Group has grown into a global company operating throughout the Americas, Europe, Africa, Asia and Oceania, with an annual revenue (excluding excise taxes) of $20.3 billion in 2024. Its 41,357 employees worldwide draw upon the unique blend of Japanese artisanship and global tastes to explore new product categories and markets.
Suntory Holdings Limited A.I CyberSecurity Scoring
SHL Risk Score (AI oriented)Between 750 and 799
SHL
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
SHL Global Score (TPRM)XXXX
SHL
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
SHL Company CyberSecurity News & History
Past Incidents
1
Attack Types
1
Pepsi Bottling Ventures LLC
Cyber Attack
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: On February 20, 2023, the **Maine Office of the Attorney General** disclosed a **data breach** affecting **Pepsi Bottling Ventures LLC**, which occurred between **December 23, 2022, and January 19, 2023**, due to **external hacking**. The incident compromised the **personal and financial information** of **17,612 individuals**, including **financial account numbers and identification numbers**, with **four Maine residents** specifically impacted. The breach exposed sensitive data that could lead to **identity theft, financial fraud, or unauthorized transactions**, posing significant risks to affected individuals. While the exact method of infiltration remains undisclosed, the **external hacking** suggests a targeted **cyber attack** aimed at extracting high-value personal and financial records. The scale of the breach—affecting thousands—indicates a **systemic vulnerability** in Pepsi Bottling Ventures’ security infrastructure, raising concerns over **data protection compliance** and the company’s ability to safeguard customer information against evolving cyber threats. The incident underscores the growing trend of **financially motivated cybercrime**, where threat actors exploit weaknesses in corporate networks to harvest sensitive data for malicious purposes, including **fraud, phishing, or sale on the dark web**. No ransomware was reported in this case, but the **leak of financial and identification details** elevates the severity due to the **long-term repercussions** for victims.
SHL Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for SHL
Incidents vs Food and Beverage Services Industry Average (This Year)
No incidents recorded for Suntory Holdings Limited in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Suntory Holdings Limited in 2025.
Incident Types SHL vs Food and Beverage Services Industry Avg (This Year)
No incidents recorded for Suntory Holdings Limited in 2025.
Incident History — SHL (X = Date, Y = Severity)
SHL cyber incidents detection timeline including parent company and subsidiaries
SHL Company Subsidiaries
As a global leader in the beverage industry, Suntory Group aims to inspire the brilliance of life, by creating rich experiences for people, in harmony with nature. Sustained by the gifts of nature and water, the Group offers a uniquely diverse portfolio of products, from award-winning Japanese whiskies Yamazaki and Hibiki, iconic American whiskies Jim Beam and Maker's Mark, canned ready-to-drink -196 (minus one-nine-six), The Premium Malt’s beer, Japanese wine Tomi, and the world-famous Château Lagrange. Its brand collection also includes non-alcoholic favorites Orangina, Lucozade, Oasis, BOSS coffee, Suntory Tennensui water, TEA+ Oolong Tea, and V energy drink, as well as popular health and wellness product Sesamin EX. Founded as a family-owned business in 1899 in Osaka, Japan, Suntory Group has grown into a global company operating throughout the Americas, Europe, Africa, Asia and Oceania, with an annual revenue (excluding excise taxes) of $20.3 billion in 2024. Its 41,357 employees worldwide draw upon the unique blend of Japanese artisanship and global tastes to explore new product categories and markets.
Loading...
SHL Similar Companies
As China’s leading dairy manufacturer, Mengniu focuses on producing nutritional, healthy and tasty dairy products for customers worldwide. 20 years of experiences enabled Mengniu to develop a diversified product matrix, including liquid milk, ice-cream, infant formula, cheese and etc. The company ha
Greene King
Greene King is the country’s leading pub company and brewer with c.2,600 pubs, restaurants and hotels across England, Wales and Scotland. At Greene King we are passionate about delivering our purpose to ‘pour happiness into lives’. That’s for our customers, our team, our pub partners, our suppliers
Almarai - المراعي
Founded in 1977, Almarai Company is the world’s largest vertically integrated dairy company and the largest food and beverage manufacturing and distribution company in MENA. Headquartered in the Kingdom of Saudi Arabia, Almarai Company is ranked as the number one FMCG Brand in the MENA region and th
Little Caesars Pizza
ABOUT LITTLE CAESARS® Little Caesars, the Best Value in Pizza*, was founded by Mike and Marian Ilitch as a single, family-owned restaurant in 1959 and is headquartered in downtown Detroit, Michigan. It is the third-largest pizza chain in the world, with restaurants in each of the 50 U.S. states a
The Kraft Heinz Company is one of the largest food and beverage companies in the world, with eight $1 billion+ brands and global sales of approximately $25 billion. We’re a globally trusted producer of high-quality, great-tasting, and nutritious foods for over 150 years. While Kraft Heinz is co-head
Sigma
We are a global food company dedicated to bringing local favorite foods to communities everywhere. Within 17 countries, we offer quality branded food at a range of price points and across diverse categories. We're a company dedicated to the production, distribution and sales of refrigerated and fr
Arca Continental
Arca Continental produces, distributes and sells non-alcoholic beverages under The Coca-Cola Company brand, as well as snacks under the brands of Bokados in Mexico, Inalecsa in Ecuador and Wise in the US. With an outstanding history spanning more than 98 years, Arca Continental is the second-larges
GoTo Foods
Atlanta-based GoTo Foods (formerly known as Focus Brands) is a leading developer of global multi-channel foodservice brands. As of December 31, 2023, GoTo Foods, through its affiliate brands, is the franchisor and operator of more than 6,700 restaurants, cafes, ice cream shoppes, and bakeries in all
HMSHost
HMSHost is recognized by the industry as the leader in travel dining with awards such as Restaurateur with the Highest Regard for Customer Service and Best Brand Restaurateur for Shake Shack by Airport Experience News. USA Today 10Best Readers’ Choice Travel Awards gave first place honors to both of
.png)
SHL CyberSecurity News
November 10, 2025 08:00 AM
Cyberattack Leaves Asahi Struggling as Rival Brewers Gain Ground
As Japan gears up for its busiest beer-drinking season, the country's largest brewer is struggling to stay on tap — with its systems still...
October 29, 2025 07:00 AM
A month after Asahi cyberattack, Japan's beverage industry still high and dry
Brewer Asahi Group Holdings is still struggling to restore its operations one month after a cyberattack crippled its systems, with the...
October 18, 2025 07:00 AM
Suntory and Sapporo to halt gift beer sales after cyberattack against Asahi
Suntory and Sapporo Breweries have announced a partial halt to sales of their beer gift sets amid a flood of orders due to delays in...
October 11, 2025 07:00 AM
Asahi reduced to faxing and phoning it in after hack attack
TOKYO -- After a cyberattack disabled information systems at Asahi Group Holdings, the Japanese beverage giant has struggled to fill orders...
October 08, 2025 07:00 AM
Ransomware Gang Qilin Claims Hack That Hit Beermaker Asahi
A cohort of Russian-speaking hackers known as Qilin has claimed responsibility for a ransomware attack that hobbled Asahi Group Holdings...
October 03, 2025 07:00 AM
Cyberattack halts Asahi production, disrupts Japan’s beer supply
Japan's beer industry is facing a major disruption after Asahi Group Holdings Ltd. was forced to halt production at most of its 30 domestic...
October 03, 2025 07:00 AM
Asahi blames ransomware for crippling Japanese beer plants
Asahi Group Holdings revealed for the first time that cyberattackers employed ransomware to bring its domestic factories to a standstill,...
October 02, 2025 07:00 AM
7-Eleven Running Out of Super Dry Beer After Asahi Cyberattack
Seven & i Holdings Co. and other retailers in Japan are warning customers of possible Asahi Super Dry beer shortages after a cyberattack...
June 08, 2023 07:00 AM
Suntory Pepsico to open $189 mln southern Vietnam factory in 2026
Suntory Pepsico Vietnam Beverage, producer of carbonated soft drink Pepsi in Vietnam, plans to put its VND4.43 trillion ($188.6 million)...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
SHL CyberSecurity History Information
Official Website of Suntory Holdings Limited
The official website of Suntory Holdings Limited is http://www.suntory.com.
Suntory Holdings Limited’s AI-Generated Cybersecurity Score
According to Rankiteo, Suntory Holdings Limited’s AI-generated cybersecurity score is 790, reflecting their Fair security posture.
How many security badges does Suntory Holdings Limited’ have ?
According to Rankiteo, Suntory Holdings Limited currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Suntory Holdings Limited have SOC 2 Type 1 certification ?
According to Rankiteo, Suntory Holdings Limited is not certified under SOC 2 Type 1.
Does Suntory Holdings Limited have SOC 2 Type 2 certification ?
According to Rankiteo, Suntory Holdings Limited does not hold a SOC 2 Type 2 certification.
Does Suntory Holdings Limited comply with GDPR ?
According to Rankiteo, Suntory Holdings Limited is not listed as GDPR compliant.
Does Suntory Holdings Limited have PCI DSS certification ?
According to Rankiteo, Suntory Holdings Limited does not currently maintain PCI DSS compliance.
Does Suntory Holdings Limited comply with HIPAA ?
According to Rankiteo, Suntory Holdings Limited is not compliant with HIPAA regulations.
Does Suntory Holdings Limited have ISO 27001 certification ?
According to Rankiteo,Suntory Holdings Limited is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Suntory Holdings Limited
Suntory Holdings Limited operates primarily in the Food and Beverage Services industry.
Number of Employees at Suntory Holdings Limited
Suntory Holdings Limited employs approximately 9,537 people worldwide.
Subsidiaries Owned by Suntory Holdings Limited
Suntory Holdings Limited presently has no subsidiaries across any sectors.
Suntory Holdings Limited’s LinkedIn Followers
Suntory Holdings Limited’s official LinkedIn profile has approximately 61,568 followers.
NAICS Classification of Suntory Holdings Limited
Suntory Holdings Limited is classified under the NAICS code 722, which corresponds to Food Services and Drinking Places.
Suntory Holdings Limited’s Presence on Crunchbase
No, Suntory Holdings Limited does not have a profile on Crunchbase.
Suntory Holdings Limited’s Presence on LinkedIn
Yes, Suntory Holdings Limited maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/suntory-holdings-limited.
Cybersecurity Incidents Involving Suntory Holdings Limited
As of December 11, 2025, Rankiteo reports that Suntory Holdings Limited has experienced 1 cybersecurity incidents.
Number of Peer and Competitor Companies
Suntory Holdings Limited has an estimated 8,495 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Suntory Holdings Limited ?
Incident Types: The types of cybersecurity incidents that have occurred include Cyber Attack.
How does Suntory Holdings Limited detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an communication strategy with public disclosure via maine attorney general..
Incident Details
Can you provide details on each incident ?
Title: Pepsi Bottling Ventures LLC Data Breach (2023)
Description: On February 20, 2023, the Maine Office of the Attorney General reported a data breach involving Pepsi Bottling Ventures LLC. The breach occurred between December 23, 2022, and January 19, 2023, as a result of external hacking, affecting 17,612 individuals, with 4 residents from Maine specifically impacted. Personal information potentially compromised included financial account numbers and identification numbers.
Date Detected: 2023-01-19
Date Publicly Disclosed: 2023-02-20
Type: Data Breach
Attack Vector: External Hacking
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Cyber Attack.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach PBV008091825
Data Compromised: Financial account numbers, Identification numbers
Identity Theft Risk: High (PII and financial data exposed)
Payment Information Risk: High (financial account numbers exposed)
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Financial Account Numbers, Identification Numbers (Pii) and .
Which entities were affected by each incident ?
Incident : Data Breach PBV008091825
Entity Name: Pepsi Bottling Ventures LLC
Entity Type: Private Company
Industry: Beverage Manufacturing & Distribution
Location: United States
Customers Affected: 17612
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach PBV008091825
Communication Strategy: Public disclosure via Maine Attorney General
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach PBV008091825
Type of Data Compromised: Financial account numbers, Identification numbers (pii)
Number of Records Exposed: 17612
Sensitivity of Data: High
Data Exfiltration: Likely (data compromised)
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : Data Breach PBV008091825
Regulatory Notifications: Maine Office of the Attorney General
References
Where can I find more information about each incident ?
Incident : Data Breach PBV008091825
Source: Maine Office of the Attorney General
Date Accessed: 2023-02-20
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Maine Office of the Attorney GeneralDate Accessed: 2023-02-20.
Investigation Status
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Public disclosure via Maine Attorney General.
Additional Questions
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2023-01-19.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2023-02-20.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Financial account numbers, Identification numbers and .
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Identification numbers and Financial account numbers.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 188.0.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident is Maine Office of the Attorney General.
.png)
Latest Global CVEs (Not Company-Specific)
Description
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions prior to 16.0.96 and 17.0.1 through 17.0.9 have a weak default password. By default, this is a 6 digit numeric value which can be brute forced. (This is the app_password parameter). Depending on local configuration, this password could be the extension, voicemail, user manager, DPMA or EPM phone admin password. This issue is fixed in versions 16.0.96 and 17.0.10.
Risk Information
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Neuron is a PHP framework for creating and orchestrating AI Agents. In versions 2.8.11 and below, the MySQLWriteTool executes arbitrary SQL provided by the caller using PDO::prepare() + execute() without semantic restrictions. This is consistent with the name (“write tool”), but in an LLM/agent context it becomes a high-risk capability: prompt injection or indirect prompt manipulation can cause execution of destructive queries such as DROP TABLE, TRUNCATE, DELETE, ALTER, or privilege-related statements (subject to DB permissions). Deployments that expose an agent with MySQLWriteTool enabled to untrusted input and/or run the tool with a DB user that has broad privileges are impacted. This issue is fixed in version 2.8.12.
Risk Information
cvss3
Base: 9.4
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Description
Neuron is a PHP framework for creating and orchestrating AI Agents. Versions 2.8.11 and below use MySQLSelectTool, which is vulnerable to Read-Only Bypass. MySQLSelectTool is intended to be a read-only SQL tool (e.g., for LLM agent querying, however, validation based on the first keyword (e.g., SELECT) and a forbidden-keyword list does not block file-writing constructs such as INTO OUTFILE / INTO DUMPFILE. As a result, an attacker who can influence the tool input (e.g., via prompt injection through a public agent endpoint) may write arbitrary files to the DB server if the MySQL/MariaDB account has the FILE privilege and server configuration permits writes to a useful location (e.g., a web-accessible directory). This issue is fixed in version 2.8.12.
Risk Information
cvss3
Base: 8.2
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
Description
Okta Java Management SDK facilitates interactions with the Okta management API. In versions 11.0.0 through 20.0.0, race conditions may arise from concurrent requests using the ApiClient class. This could cause a status code or response header from one request’s response to influence another request’s response. This issue is fixed in version 20.0.1.
Risk Information
cvss3
Base: 8.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L
Description
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. This issue is fixed in versions 4.11.2 and 4.12.1.
Risk Information
cvss3
Base: 5.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=suntory-holdings-limited' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
