TotalEnergies
Company Details
Linkedin ID:
totalenergies
Website:
Employees number:
79,389
Number of followers:
4,894,955
NAICS:
211
Industry Type:
Homepage:
totalenergies.com
IP Addresses:
0
Company ID:
TOT_1853762
Scan Status:
In-progress
TotalEnergies Company CyberSecurity Posture
totalenergies.com
Have you ever thought of offering your skills and expertise to a multinational company? Give your best to better energy and make the commitment with TotalEnergies. With over 500-plus professions in 130 countries, we offer high safety and environmental standards, strong ethical values, an innovation culture and wide-ranging career development. Be part of the global team whose mission is already shared by 105,000 employees : to be a world-class player in the energy transition
TotalEnergies A.I CyberSecurity Scoring
TotalEnergies Risk Score (AI oriented)Between 800 and 849
TotalEnergies
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
TotalEnergies Global Score (TPRM)XXXX
TotalEnergies
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
TotalEnergies Company CyberSecurity News & History
Past Incidents
1
Attack Types
1
Total Energies
Cyber Attack
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: In July 2024, **TotalEnergies Clientes SAU**, a subsidiary of the global energy corporation **TotalEnergies**, fell victim to a targeted cyberattack. The incident involved unauthorized access to one of its **sales management computer systems**, resulting in the exposure of **sensitive personal data** belonging to **210,715 customers**. The compromised information included confidential details, though the exact nature of the data (e.g., financial records, identification documents) was not publicly specified.The company responded by **collaborating with law enforcement agencies** and the **Spanish Data Protection Agency (AEPD)** to investigate the breach, mitigate risks, and pursue legal action against the perpetrators. While no ransomware was reported, the attack raised concerns over **customer privacy violations** and potential downstream risks such as identity theft or fraud. TotalEnergies emphasized efforts to **strengthen cybersecurity measures** and notify affected individuals, though the long-term reputational and operational impacts remain under assessment.
TotalEnergies Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for TotalEnergies
Incidents vs Oil and Gas Industry Average (This Year)
No incidents recorded for TotalEnergies in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for TotalEnergies in 2025.
Incident Types TotalEnergies vs Oil and Gas Industry Avg (This Year)
No incidents recorded for TotalEnergies in 2025.
Incident History — TotalEnergies (X = Date, Y = Severity)
TotalEnergies cyber incidents detection timeline including parent company and subsidiaries
TotalEnergies Company Subsidiaries
Have you ever thought of offering your skills and expertise to a multinational company? Give your best to better energy and make the commitment with TotalEnergies. With over 500-plus professions in 130 countries, we offer high safety and environmental standards, strong ethical values, an innovation culture and wide-ranging career development. Be part of the global team whose mission is already shared by 105,000 employees : to be a world-class player in the energy transition
Loading...
TotalEnergies Similar Companies
Oil and Natural Gas Corporation Ltd
Maharatna ONGC is the largest producer of crude oil and natural gas in India, contributing around 70 per cent of Indian domestic production. The crude oil is the raw material used by downstream companies like IOC, BPCL, HPCL to produce petroleum products like Petrol, Diesel, Kerosene, Naphtha, Cooki
Marathon Petroleum Corporation
Marathon Petroleum Corporation (MPC) is a leading, integrated, downstream and midstream energy company headquartered in Findlay, Ohio. The company operates the nation's largest refining system. MPC's marketing system includes branded locations across the United States, including Marathon brand retai
PT Pertamina (Persero) is an Indonesian state-owned enterprise, which is engaged in the integrated energy in Indonesia. Established on December 10, 1957, Pertamina had the experiences in upstream, midstream, downstream and renewable energy sectors for more than 50 years. This is the official Link
TechnipFMC
TechnipFMC is a leading technology provider to the traditional and new energies industry, delivering fully integrated projects, products, and services. With our proprietary technologies and comprehensive solutions, we are transforming our clients’ project economics, helping them unlock new possibi
En YPF, tenemos un Plan 4x4 para convertirnos en una compañía de clase mundial y lograr transformarnos en grandes exportadores de hidrocarburos. Nuestros cuatro pilares son: la aceleración de la producción de petróleo en Vaca Muerta, el activo más importante que tiene nuestro país; la disciplina f
We are a global oil and gas company tasked with an important job—to safely find and deliver energy for the world. We’re experts in what we do—from the well site to the office. Across our operations and activities in 13 countries, we never forget our responsibility to be a great neighbor, and a gre
At Enbridge, our goal is to be the first-choice energy delivery company in North America and beyond—for customers, communities, investors, regulators and policymakers, and employees. We also recognize the importance of a secure, reliable and affordable supply of energy, which we deliver every day th
Complexul Energetic Oltenia
CE Oltenia is the sole lignite producer in Romania and one of the major players in the energy services sector in Romania, set-up on 31 May 2012 following a decision of the Romanian Government for the reorganization of the energy sector through a merger between a national lignite company (Societate
PETRONAS
Petroliam Nasional Berhad (PETRONAS) is a leading global energy company committed to powering society’s progress in a responsible and sustainable manner. With close to 50,000 employees and a global reach spanning over 100 countries, we are ranked among the world’s largest corporations by revenue in
.png)
TotalEnergies CyberSecurity News
November 25, 2025 11:19 AM
E&E News: Belgian farmer suing oil major over climate change
CLIMATEWIRE | TOURNAI, Belgium — Back in 2016, a freak storm destroyed the entire strawberry crop on Hugues Falys' farm in the province of...
November 21, 2025 11:45 AM
E&E News: TotalEnergies CEO warns Europeans not to be overreliant on US LNG
ENERGYWIRE | TotalEnergies CEO Patrick Pouyanne said European nations should avoid becoming too reliant on imports of U.S. liquefied natural...
November 19, 2025 11:42 AM
E&E News: TotalEnergies accused of complicity in war crimes over Mozambique massacre
ENERGYWIRE | French energy giant TotalEnergies was formally accused Monday of complicity in war crimes and torture in a criminal complaint...
November 12, 2025 08:00 AM
French court calls out alleged deceptive net zero claims by TotalEnergies
Regulators in Europe are focused on punishing energy firms that make deceptive claims on net zero targets, as TotalEnergies recently...
November 06, 2025 07:07 AM
TotalEnergies, Data4 ink renewable power supply deal in Spain
Global energy company, TotalEnergies and European data center operator, Data4, have signed a 10-year agreement for the supply of renewable electricity to...
November 03, 2025 08:00 AM
TotalEnergies EP Ratawi Hub Wins ISA100 Wireless Excellence in Automation Award
PRNewswire/ -- The International Society of Automation (ISA) — the leading professional society for automation — and the ISA100 Wireless...
October 24, 2025 07:00 AM
E&E News: Historic French ruling faults oil company for deceptive climate claims
CLIMATEWIRE | A French oil major must pay up for misleading consumers about its environmental commitments and climate strategy,...
October 22, 2025 07:00 AM
From Microsoft 365 Copilot to Copilot Studio: TotalEnergies at the forefront of AI transformation
A key player in the energy sector, TotalEnergies is turning to AI and autonomous agents alongside Microsoft.
September 29, 2025 07:00 AM
TotalEnergies plans $7.5bn in cuts as lower oil prices weigh on industry
With crude prices forecast to fall below $50 next year, oil majors are axing jobs and investment.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
TotalEnergies CyberSecurity History Information
Official Website of TotalEnergies
The official website of TotalEnergies is http://www.totalenergies.com.
TotalEnergies’s AI-Generated Cybersecurity Score
According to Rankiteo, TotalEnergies’s AI-generated cybersecurity score is 822, reflecting their Good security posture.
How many security badges does TotalEnergies’ have ?
According to Rankiteo, TotalEnergies currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does TotalEnergies have SOC 2 Type 1 certification ?
According to Rankiteo, TotalEnergies is not certified under SOC 2 Type 1.
Does TotalEnergies have SOC 2 Type 2 certification ?
According to Rankiteo, TotalEnergies does not hold a SOC 2 Type 2 certification.
Does TotalEnergies comply with GDPR ?
According to Rankiteo, TotalEnergies is not listed as GDPR compliant.
Does TotalEnergies have PCI DSS certification ?
According to Rankiteo, TotalEnergies does not currently maintain PCI DSS compliance.
Does TotalEnergies comply with HIPAA ?
According to Rankiteo, TotalEnergies is not compliant with HIPAA regulations.
Does TotalEnergies have ISO 27001 certification ?
According to Rankiteo,TotalEnergies is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of TotalEnergies
TotalEnergies operates primarily in the Oil and Gas industry.
Number of Employees at TotalEnergies
TotalEnergies employs approximately 79,389 people worldwide.
Subsidiaries Owned by TotalEnergies
TotalEnergies presently has no subsidiaries across any sectors.
TotalEnergies’s LinkedIn Followers
TotalEnergies’s official LinkedIn profile has approximately 4,894,955 followers.
NAICS Classification of TotalEnergies
TotalEnergies is classified under the NAICS code 211, which corresponds to Oil and Gas Extraction.
TotalEnergies’s Presence on Crunchbase
No, TotalEnergies does not have a profile on Crunchbase.
TotalEnergies’s Presence on LinkedIn
Yes, TotalEnergies maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/totalenergies.
Cybersecurity Incidents Involving TotalEnergies
As of December 11, 2025, Rankiteo reports that TotalEnergies has experienced 1 cybersecurity incidents.
Number of Peer and Competitor Companies
TotalEnergies has an estimated 10,531 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at TotalEnergies ?
Incident Types: The types of cybersecurity incidents that have occurred include Cyber Attack.
Incident Details
Can you provide details on each incident ?
Title: TotalEnergies Clientes SAU Data Breach (July 2024)
Description: In July 2024, TotalEnergies Clientes SAU, a subsidiary of the global energy company TotalEnergies, experienced a cyberattack that compromised the personal data of 210,715 customers. The breach involved unauthorized access to one of its sales management computer systems, exposing sensitive customer information.
Type: Data Breach
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Cyber Attack.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach TOT316092125
Data Compromised: Personal data of 210,715 customers
Systems Affected: Sales management computer system
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personal data.
Which entities were affected by each incident ?
Incident : Data Breach TOT316092125
Entity Name: TotalEnergies Clientes SAU
Entity Type: Subsidiary
Industry: Energy
Location: Spain
Customers Affected: 210,715
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach TOT316092125
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach TOT316092125
Type of Data Compromised: Personal data
Number of Records Exposed: 210,715
Sensitivity of Data: Sensitive
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : Data Breach TOT316092125
Legal Actions: Pursuing legal action against responsible parties,
Regulatory Notifications: Spanish Data Protection Agency
How does the company ensure compliance with regulatory requirements ?
Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through Pursuing legal action against responsible parties, .
Additional Questions
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Personal data of 210,715 customers and .
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident was Sales management computer system.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Personal data of 210 and715 customers.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 210.7K.
Regulatory Compliance
What was the most significant legal action taken for a regulatory violation ?
Most Significant Legal Action: The most significant legal action taken for a regulatory violation was Pursuing legal action against responsible parties, .
.png)
Latest Global CVEs (Not Company-Specific)
Description
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions prior to 16.0.96 and 17.0.1 through 17.0.9 have a weak default password. By default, this is a 6 digit numeric value which can be brute forced. (This is the app_password parameter). Depending on local configuration, this password could be the extension, voicemail, user manager, DPMA or EPM phone admin password. This issue is fixed in versions 16.0.96 and 17.0.10.
Risk Information
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Neuron is a PHP framework for creating and orchestrating AI Agents. In versions 2.8.11 and below, the MySQLWriteTool executes arbitrary SQL provided by the caller using PDO::prepare() + execute() without semantic restrictions. This is consistent with the name (“write tool”), but in an LLM/agent context it becomes a high-risk capability: prompt injection or indirect prompt manipulation can cause execution of destructive queries such as DROP TABLE, TRUNCATE, DELETE, ALTER, or privilege-related statements (subject to DB permissions). Deployments that expose an agent with MySQLWriteTool enabled to untrusted input and/or run the tool with a DB user that has broad privileges are impacted. This issue is fixed in version 2.8.12.
Risk Information
cvss3
Base: 9.4
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Description
Neuron is a PHP framework for creating and orchestrating AI Agents. Versions 2.8.11 and below use MySQLSelectTool, which is vulnerable to Read-Only Bypass. MySQLSelectTool is intended to be a read-only SQL tool (e.g., for LLM agent querying, however, validation based on the first keyword (e.g., SELECT) and a forbidden-keyword list does not block file-writing constructs such as INTO OUTFILE / INTO DUMPFILE. As a result, an attacker who can influence the tool input (e.g., via prompt injection through a public agent endpoint) may write arbitrary files to the DB server if the MySQL/MariaDB account has the FILE privilege and server configuration permits writes to a useful location (e.g., a web-accessible directory). This issue is fixed in version 2.8.12.
Risk Information
cvss3
Base: 8.2
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
Description
Okta Java Management SDK facilitates interactions with the Okta management API. In versions 11.0.0 through 20.0.0, race conditions may arise from concurrent requests using the ApiClient class. This could cause a status code or response header from one request’s response to influence another request’s response. This issue is fixed in version 20.0.1.
Risk Information
cvss3
Base: 8.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L
Description
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. This issue is fixed in versions 4.11.2 and 4.12.1.
Risk Information
cvss3
Base: 5.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=totalenergies' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
