HC
Company Details
Linkedin ID:
the-hershey-company
Employees number:
10,932
Number of followers:
495,788
NAICS:
30
Industry Type:
Homepage:
thehersheycompany.com
IP Addresses:
6
Company ID:
THE_3320418
Scan Status:
Completed
The Hershey Company Company CyberSecurity Posture
thehersheycompany.com
The Hershey Company is headquartered in Hershey, Pa., and is an industry-leading snacks company with a purpose to make more moments of goodness through its iconic brands. Hershey has approximately 20,000 employees around the world who work every day to deliver delicious, quality products. The company has more than 70 brands around the world that drive more than $11 billion in annual revenues, including such beloved brands like HERSHEY'S, REESE'S, KIT KAT®, JOLLY RANCHER, ICE BREAKERS, SHAQ-A-LICIOUS, SKINNYPOP and DOT'S HOMESTYLE PRETZEL'S. For more than 130 years, Hershey has been committed to operating responsibly and supporting its people and communities. Hershey founder, Milton Hershey, created Milton Hershey School in 1909, and since then, the company has focused on helping children succeed through access to education.
The Hershey Company A.I CyberSecurity Scoring
HC Risk Score (AI oriented)Between 750 and 799
HC
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
HC Global Score (TPRM)XXXX
HC
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
HC Company CyberSecurity News & History
Past Incidents
1
Attack Types
1
The Hershey Company
Breach
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: The Vermont Attorney General reported a data breach involving The Hershey Company on December 1, 2023. The breach occurred between September 3 and 4, 2023, when an unauthorized user accessed a limited number of email accounts, potentially exposing personal information such as names, Social Security Numbers, and health information. The number of affected individuals is unknown.
HC Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for HC
Incidents vs Manufacturing Industry Average (This Year)
No incidents recorded for The Hershey Company in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for The Hershey Company in 2025.
Incident Types HC vs Manufacturing Industry Avg (This Year)
No incidents recorded for The Hershey Company in 2025.
Incident History — HC (X = Date, Y = Severity)
HC cyber incidents detection timeline including parent company and subsidiaries
HC Company Subsidiaries
The Hershey Company is headquartered in Hershey, Pa., and is an industry-leading snacks company with a purpose to make more moments of goodness through its iconic brands. Hershey has approximately 20,000 employees around the world who work every day to deliver delicious, quality products. The company has more than 70 brands around the world that drive more than $11 billion in annual revenues, including such beloved brands like HERSHEY'S, REESE'S, KIT KAT®, JOLLY RANCHER, ICE BREAKERS, SHAQ-A-LICIOUS, SKINNYPOP and DOT'S HOMESTYLE PRETZEL'S. For more than 130 years, Hershey has been committed to operating responsibly and supporting its people and communities. Hershey founder, Milton Hershey, created Milton Hershey School in 1909, and since then, the company has focused on helping children succeed through access to education.
Loading...
HC Similar Companies
Celestica enables the world's best brands. Through our unrivaled customer-centric approach, we partner with leading companies in aerospace and defense, communications, enterprise, healthtech, industrial, capital equipment, and smart energy to deliver solutions for their most complex challenges. A le
Colgate-Palmolive
Make More Smiles. We are Colgate-Palmolive, a caring, innovative growth company that is reimagining a healthier future for all people, their pets and our planet. For over 200 years, we've poured our care into creating a future where everyone has more reasons to smile. CP People develop, produce, dis
Dräger
Dräger is an international leader in the fields of medical and safety technology. The family-owned company was founded in Lübeck, Germany, in 1889. The company’s long-term success is based on the four key strengths of its value-driven culture: customer intimacy, professional employees, continuous in
Patanjali Foods
For almost four decades, Patanjali Foods has championed India’s wellness revolution. Founded in 1986, we began with a simple mission: making swadeshi products, affordable and quality-driven for every household. Today, we are a leading FMCG force, offering a wide range of household essentials. From n
Grendene S/A
Se você deseja construir uma carreira em uma das maiores empresas do Brasil, a Grendene é o seu lugar. Se você quer estar em uma empresa diferente, com criatividade brasileira, tecnologia global e inovação constante, faça parte da nossa equipe. Se você busca desenvolvimento profissional, onde
AB InBev
As a company, we dream big to create a future with more cheers. We are always looking to serve up new ways to meet life’s moments, move our industry forward and make a meaningful impact in the world. We are committed to building great brands that stand the test of time and to brewing the best beers
Reckitt
Every day, in everything we do, our purpose is to protect, heal and nurture in the relentless pursuit of a cleaner, healthier world. And we have a fight on our hands. A fight to make access to the highest quality hygiene, wellness and nourishment a right and not a privilege. Each of our products is
FEMSA
FEMSA is a company that creates economic and social value through companies and institutions and strives to be the best employer and neighbor to the communities in which it operates. It participates in the retail industry through a Proximity Division operating OXXO, a small-format store chain, OXXO
For the builders and protectors, for the makers and explorers, for those shaping and reshaping our world through hard work and inspiration, Stanley Black & Decker provides the tools and innovative solutions you can trust to get the job done—and we have since 1843. You repair your home and car with
.png)
HC CyberSecurity News
December 04, 2025 02:15 PM
Jakks Pacific announces a sweet new licensing partnership with the Hershey Company
Jakks Pacific announces a sweet new licensing partnership with the Hershey Company. Published on 12/04/2025 at 09:15 am EST. Reuters.
December 04, 2025 02:01 PM
JAKKS Pacific Announces a Sweet New Licensing Partnership with The Hershey Company
SANTA MONICA, Calif., Dec. 04, 2025 -- JAKKS Pacific, Inc. , a leading designer and marketer of toys, and The Hershey Company, one of the...
December 04, 2025 02:00 PM
JAKKS Pacific (NASDAQ: JAKK) signs Hershey licensing deal for 8 Charming SKUs
JAKKS Pacific and Hershey unveil the first confection-themed Charming bag charms, with Hershey's Kisses collectibles hitting CVS Dec.
November 19, 2025 08:00 AM
Hershey (NYSE: HSY) closes LesserEvil acquisition as salty snack portfolio grew 1.5x
The Hershey Company completes its acquisition of organic snack maker LesserEvil, adding manufacturing capacity as its salty portfolio grew...
November 12, 2025 08:00 AM
The Hershey Co. (NYSE: HSY) refreshes Chocolate Tour Ride with 2,000 lights, 11 elves
Hershey's Chocolate World launches a $44.95 Holiday Savings Bundle with five attractions, a $6 bakery voucher and free parking,...
November 12, 2025 08:00 AM
Hershey's Chocolate World (NYSE: HSY) updates holiday ride with 2,000 lights, 11 elves
HERSHEY (NYSE: HSY) refreshed HERSHEY'S CHOCOLATE WORLD for the holidays with a new Holiday Savings Bundle and an upgraded Chocolate Tour...
November 06, 2025 08:00 AM
The Hershey Company (HSY) debuts 4 new holiday treats, led by Kisses Snickerdoodle
Lineup adds Hershey's Grinch Milk Chocolate Bar in 3 unique designs, Reese's Mini Trees, returning KIT KAT Santas, plus seasonal candy...
November 04, 2025 08:00 AM
Jim Cramer on Hershey Company: “It’s Probably Close to a Bottom”
The Hershey Company (NYSE:HSY) is one of the stocks Jim Cramer shed light on. Cramer discussed the company's struggles over the last couple...
October 30, 2025 07:00 AM
Transcript : The Hershey Company, Q3 2025 Pre Recorded Earnings Call, Oct 30, 2025
Presentation Operator MessageOperator Good morning, and welcome to the pre-recorded discussion of the Hershey Company's Third Quarter 2025...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
HC CyberSecurity History Information
Official Website of The Hershey Company
The official website of The Hershey Company is https://www.thehersheycompany.com/.
The Hershey Company’s AI-Generated Cybersecurity Score
According to Rankiteo, The Hershey Company’s AI-generated cybersecurity score is 784, reflecting their Fair security posture.
How many security badges does The Hershey Company’ have ?
According to Rankiteo, The Hershey Company currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does The Hershey Company have SOC 2 Type 1 certification ?
According to Rankiteo, The Hershey Company is not certified under SOC 2 Type 1.
Does The Hershey Company have SOC 2 Type 2 certification ?
According to Rankiteo, The Hershey Company does not hold a SOC 2 Type 2 certification.
Does The Hershey Company comply with GDPR ?
According to Rankiteo, The Hershey Company is not listed as GDPR compliant.
Does The Hershey Company have PCI DSS certification ?
According to Rankiteo, The Hershey Company does not currently maintain PCI DSS compliance.
Does The Hershey Company comply with HIPAA ?
According to Rankiteo, The Hershey Company is not compliant with HIPAA regulations.
Does The Hershey Company have ISO 27001 certification ?
According to Rankiteo,The Hershey Company is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of The Hershey Company
The Hershey Company operates primarily in the Manufacturing industry.
Number of Employees at The Hershey Company
The Hershey Company employs approximately 10,932 people worldwide.
Subsidiaries Owned by The Hershey Company
The Hershey Company presently has no subsidiaries across any sectors.
The Hershey Company’s LinkedIn Followers
The Hershey Company’s official LinkedIn profile has approximately 495,788 followers.
NAICS Classification of The Hershey Company
The Hershey Company is classified under the NAICS code 30, which corresponds to Manufacturing.
The Hershey Company’s Presence on Crunchbase
No, The Hershey Company does not have a profile on Crunchbase.
The Hershey Company’s Presence on LinkedIn
Yes, The Hershey Company maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/the-hershey-company.
Cybersecurity Incidents Involving The Hershey Company
As of December 11, 2025, Rankiteo reports that The Hershey Company has experienced 1 cybersecurity incidents.
Number of Peer and Competitor Companies
The Hershey Company has an estimated 7,821 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at The Hershey Company ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
Incident Details
Can you provide details on each incident ?
Title: Data Breach at The Hershey Company
Description: The Vermont Attorney General reported a data breach involving The Hershey Company on December 1, 2023. The breach occurred between September 3 and 4, 2023, when an unauthorized user accessed a limited number of email accounts, potentially exposing personal information such as names, Social Security Numbers, and health information. The number of affected individuals is unknown.
Date Detected: 2023-12-01
Date Publicly Disclosed: 2023-12-01
Type: Data Breach
Attack Vector: Unauthorized Access to Email Accounts
Threat Actor: Unauthorized User
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Email Accounts.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach THE425072625
Data Compromised: Names, Social security numbers, Health information
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Names, Social Security Numbers, Health Information and .
Which entities were affected by each incident ?
Incident : Data Breach THE425072625
Entity Name: The Hershey Company
Entity Type: Corporation
Industry: Food and Beverage
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach THE425072625
Type of Data Compromised: Names, Social security numbers, Health information
Sensitivity of Data: High
References
Where can I find more information about each incident ?
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Vermont Attorney GeneralDate Accessed: 2023-12-01.
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Data Breach THE425072625
Entry Point: Email Accounts
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident was an Unauthorized User.
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2023-12-01.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2023-12-01.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Names, Social Security Numbers, Health Information and .
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Names, Social Security Numbers and Health Information.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident is Vermont Attorney General.
Initial Access Broker
What was the most recent entry point used by an initial access broker ?
Most Recent Entry Point: The most recent entry point used by an initial access broker was an Email Accounts.
.png)
Latest Global CVEs (Not Company-Specific)
Description
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions prior to 16.0.96 and 17.0.1 through 17.0.9 have a weak default password. By default, this is a 6 digit numeric value which can be brute forced. (This is the app_password parameter). Depending on local configuration, this password could be the extension, voicemail, user manager, DPMA or EPM phone admin password. This issue is fixed in versions 16.0.96 and 17.0.10.
Risk Information
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Neuron is a PHP framework for creating and orchestrating AI Agents. In versions 2.8.11 and below, the MySQLWriteTool executes arbitrary SQL provided by the caller using PDO::prepare() + execute() without semantic restrictions. This is consistent with the name (“write tool”), but in an LLM/agent context it becomes a high-risk capability: prompt injection or indirect prompt manipulation can cause execution of destructive queries such as DROP TABLE, TRUNCATE, DELETE, ALTER, or privilege-related statements (subject to DB permissions). Deployments that expose an agent with MySQLWriteTool enabled to untrusted input and/or run the tool with a DB user that has broad privileges are impacted. This issue is fixed in version 2.8.12.
Risk Information
cvss3
Base: 9.4
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Description
Neuron is a PHP framework for creating and orchestrating AI Agents. Versions 2.8.11 and below use MySQLSelectTool, which is vulnerable to Read-Only Bypass. MySQLSelectTool is intended to be a read-only SQL tool (e.g., for LLM agent querying, however, validation based on the first keyword (e.g., SELECT) and a forbidden-keyword list does not block file-writing constructs such as INTO OUTFILE / INTO DUMPFILE. As a result, an attacker who can influence the tool input (e.g., via prompt injection through a public agent endpoint) may write arbitrary files to the DB server if the MySQL/MariaDB account has the FILE privilege and server configuration permits writes to a useful location (e.g., a web-accessible directory). This issue is fixed in version 2.8.12.
Risk Information
cvss3
Base: 8.2
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
Description
Okta Java Management SDK facilitates interactions with the Okta management API. In versions 11.0.0 through 20.0.0, race conditions may arise from concurrent requests using the ApiClient class. This could cause a status code or response header from one request’s response to influence another request’s response. This issue is fixed in version 20.0.1.
Risk Information
cvss3
Base: 8.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L
Description
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. This issue is fixed in versions 4.11.2 and 4.12.1.
Risk Information
cvss3
Base: 5.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=the-hershey-company' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
