TPBI
Company Details
Linkedin ID:
turning-point-brands-inc.
Employees number:
234
Number of followers:
5,275
NAICS:
30
Industry Type:
Homepage:
turningpointbrands.com
IP Addresses:
0
Company ID:
TUR_1389942
Scan Status:
In-progress
Turning Point Brands, Inc. Company CyberSecurity Posture
turningpointbrands.com
Turning Point Brands, Inc. (NYSE: TPB) is a leading, manufacturer, marketer and distributor of branded consumer products with active ingredients. We sell a wide range of products exclusively to adult consumers, from our iconic brands to our next generation products to fulfill evolving consumer preferences. Our three focus segments are led by our core, proprietary brands including Zig-Zag® (rolling papers and wraps), Stoker’s® (looseleaf chew and moist snuff) along with our distribution platforms (VaporBeast®, VaporFi® and Direct Vapor®) in NewGen. Our products are sold in over 215,000 retail outlets in North America and through our e-commerce platforms such as www.zigzag.com. Our businesses generate solid cash flow which we use to finance acquisitions, increase brand support, expand our distribution infrastructure, and strengthen our capital position. The world-famous Zig-Zag® brand has a proud heritage of leadership dating to 1879. Zig-Zag® is the leading premium paper in both the U.S. and Canada. Over the past decade, Zig-Zag® has successfully expanded its consumer base into new product categories such as cigar wraps, hemp paper and paper cones. In 2022, we entered into an exclusive distribution agreement for CLIPPER® lighters (the world's leading reusable lighter) in the U.S. and Canada. The Stoker’s® brand has a proud heritage dating to 1940. Stoker’s competes in the chewing tobacco segment, where it has grown to the #1 position, and in the moist snuff segment, where it remains one of the fastest-growing brands. The portfolio also includes Beech-Nut®, launched in 1897, and a diverse collection of other chewing tobacco brands that offer a variety of consumer choices and tastes. Our NewGen vapor portfolio includes our B2B (Vapor Beast®), B2C (International Vapor Group®) vape distribution platforms.
Turning Point Brands, Inc. A.I CyberSecurity Scoring
TPBI Risk Score (AI oriented)Between 700 and 749
TPBI
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
TPBI Global Score (TPRM)XXXX
TPBI
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
TPBI Company CyberSecurity News & History
Past Incidents
2
Attack Types
2
International Vapor Group
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: The California Office of the Attorney General reported a data breach involving International Vapor Group on March 12, 2019. The breach occurred on June 30, 2018, resulting in the compromise of customers' names and credit or debit card information due to unauthorized access to their e-commerce site.
Vaporfi.com
Cyber Attack
Rankiteo Explanation
Attack limited on finance or reputation
Description: The Maine Office of the Attorney General disclosed a data breach affecting **Vaporfi.com** (and its associated platform, Directvapor.com) on **December 21, 2020**. The incident stemmed from **unauthorized access to the company’s online payment platform**, discovered on **September 23, 2020**. The breach exposed **credit and debit card information** of **10,544 individuals**, including **3 Maine residents**. While the exact method of intrusion remains undisclosed, the compromise of financial data suggests a targeted cyber intrusion aimed at exploiting payment processing vulnerabilities. The exposed information poses risks of **fraudulent transactions, identity theft, and financial losses** for affected customers. The breach underscores the critical need for robust payment system security, particularly in e-commerce platforms handling sensitive financial data. No evidence suggests broader data exfiltration beyond payment details, but the incident highlights vulnerabilities in third-party payment integrations or internal security controls.
TPBI Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for TPBI
Incidents vs Manufacturing Industry Average (This Year)
No incidents recorded for Turning Point Brands, Inc. in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Turning Point Brands, Inc. in 2025.
Incident Types TPBI vs Manufacturing Industry Avg (This Year)
No incidents recorded for Turning Point Brands, Inc. in 2025.
Incident History — TPBI (X = Date, Y = Severity)
TPBI cyber incidents detection timeline including parent company and subsidiaries
TPBI Company Subsidiaries
Turning Point Brands, Inc. (NYSE: TPB) is a leading, manufacturer, marketer and distributor of branded consumer products with active ingredients. We sell a wide range of products exclusively to adult consumers, from our iconic brands to our next generation products to fulfill evolving consumer preferences. Our three focus segments are led by our core, proprietary brands including Zig-Zag® (rolling papers and wraps), Stoker’s® (looseleaf chew and moist snuff) along with our distribution platforms (VaporBeast®, VaporFi® and Direct Vapor®) in NewGen. Our products are sold in over 215,000 retail outlets in North America and through our e-commerce platforms such as www.zigzag.com. Our businesses generate solid cash flow which we use to finance acquisitions, increase brand support, expand our distribution infrastructure, and strengthen our capital position. The world-famous Zig-Zag® brand has a proud heritage of leadership dating to 1879. Zig-Zag® is the leading premium paper in both the U.S. and Canada. Over the past decade, Zig-Zag® has successfully expanded its consumer base into new product categories such as cigar wraps, hemp paper and paper cones. In 2022, we entered into an exclusive distribution agreement for CLIPPER® lighters (the world's leading reusable lighter) in the U.S. and Canada. The Stoker’s® brand has a proud heritage dating to 1940. Stoker’s competes in the chewing tobacco segment, where it has grown to the #1 position, and in the moist snuff segment, where it remains one of the fastest-growing brands. The portfolio also includes Beech-Nut®, launched in 1897, and a diverse collection of other chewing tobacco brands that offer a variety of consumer choices and tastes. Our NewGen vapor portfolio includes our B2B (Vapor Beast®), B2C (International Vapor Group®) vape distribution platforms.
Loading...
TPBI Similar Companies
Vedanta Group
We operate on the belief that our people are our core assets and we consistently endeavour towards developing their potential to be our future leaders and key employees. We currently operate in India, South Africa, Liberia and Namibia, through our various subsidiaries. We seek to attract talent espe
Philip Morris International (PMI) is a leading international consumer goods company working to deliver a smoke-free future and evolving its portfolio for the long term to include products outside of the tobacco and nicotine sector. Since 2008, PMI has invested more than USD 14 billion to develop, sc
FEMSA
FEMSA is a company that creates economic and social value through companies and institutions and strives to be the best employer and neighbor to the communities in which it operates. It participates in the retail industry through a Proximity Division operating OXXO, a small-format store chain, OXXO
Dräger
Dräger is an international leader in the fields of medical and safety technology. The family-owned company was founded in Lübeck, Germany, in 1889. The company’s long-term success is based on the four key strengths of its value-driven culture: customer intimacy, professional employees, continuous in
Electrolux Group
Electrolux Group is a leading global appliance company that has shaped living for the better for more than 100 years. We reinvent taste, care and wellbeing experiences for millions of people, always striving to be at the forefront of sustainability in society through our solutions and operations. Un
Ternium
Ternium (NYSE:TX) is the largest steel producer in Latin America. With production centers in Argentina, Brazil, Colombia, the United States, Guatemala, and Mexico, Ternium has an extensive network of service and distribution centers in the continent, in addition to participating in the control group
Vorwerk Group
For more than 140 years, Vorwerk has been an internationally active family-owned company focused on improving life everywhere we call home. Our superior products and services come with a human touch, from the way we develop and sell them, to the way they are used. Vorwerk is the number-one direct sa
Tramontina
More than just numbers, what truly defines Tramontina is the constant effort to make people's lives better. The small iron mill founded by Valentin and Elisa Tramontina in 1911 in southern Brazil was the beginning of a group that now encompasses 9 manufacturing units and has kept the century-old tra
RAK Ceramics
RAK Ceramics is one of the largest ceramics’ brands in the world. Specialising in ceramic and gres porcelain wall and floor tiles, tableware, sanitaryware and faucets, the Company has the capacity to produce 118 million square meters of tiles, 5.7 million pieces of sanitaryware, 36 million pieces of
.png)
TPBI CyberSecurity News
November 21, 2025 11:17 AM
Did TPB’s Expanded ATM Program and Nicotine Pouch Push Just Shift Turning Point Brands’ Investment Narrative?
Turning Point Brands recently announced an expansion of its at-the-market sales agreement by US$200 million, coupled with ongoing retail...
November 18, 2025 02:42 PM
Nicotine Pouches Hit 55.7% of Oral Tobacco: Where Does Altria Stand?
Altria Group, Inc. (MO) is facing a pivotal moment as nicotine pouches surge to 55.7% of the U.S. oral tobacco market in the third quarter...
November 14, 2025 08:35 AM
Turning Point Brands Insider Sold Shares Worth $4,635,682, According to a Recent SEC Filing
Lawrence Wexler, Director, on November 11, 2025, sold 46470 shares in Turning Point Brands for $4635682. Following the Form 4 filing with...
November 14, 2025 08:00 AM
Is Turning Point Brands Stock a Buy After Investment Firm Cannell Capital Raises Its Stake to Nearly $20 Million?
Key Points Cannell Capital increased its position in Turning Point Brands by 119821 shares, representing a value change of $13.24 million.
November 12, 2025 08:00 AM
We Think That There Are Some Issues For Turning Point Brands (NYSE:TPB) Beyond Its Promising Earnings
Turning Point Brands, Inc. ( NYSE:TPB ) just released a solid earnings report, and the stock displayed some strength...
November 05, 2025 08:00 AM
Earnings Flash (TPB) Turning Point Brands, Inc. Reports Q3 Revenue $119.0M, vs. FactSet Est of $110.2M
Earnings Flash (TPB) Turning Point Brands, Inc. Reports Q3 Revenue $119.0M, vs. FactSet Est of $110.2M. Published on 11/05/2025 at 07:41 am...
November 05, 2025 08:00 AM
Turning Point Brands Announces Third Quarter 2025 Results
LOUISVILLE, Ky., November 05, 2025--Turning Point Brands, Inc. ("TPB" or the "Company") (NYSE: TPB), a manufacturer, marketer and...
November 05, 2025 08:00 AM
Earnings Flash (TPB) Turning Point Brands, Inc. Posts Q3 Adjusted EPS $1.27 per Share, vs. FactSet Est of $0.77
Earnings Flash (TPB) Turning Point Brands, Inc. Posts Q3 Adjusted EPS $1.27 per Share, vs. FactSet Est of $0.77.
November 05, 2025 08:00 AM
Turning Point Brands (TPB) Q3 Earnings and Revenues Beat Estimates
Turning Point Brands (TPB) delivered earnings and revenue surprises of +29.63% and +5.90%, respectively, for the quarter ended September...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
TPBI CyberSecurity History Information
Official Website of Turning Point Brands, Inc.
The official website of Turning Point Brands, Inc. is http://www.turningpointbrands.com.
Turning Point Brands, Inc.’s AI-Generated Cybersecurity Score
According to Rankiteo, Turning Point Brands, Inc.’s AI-generated cybersecurity score is 748, reflecting their Moderate security posture.
How many security badges does Turning Point Brands, Inc.’ have ?
According to Rankiteo, Turning Point Brands, Inc. currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Turning Point Brands, Inc. have SOC 2 Type 1 certification ?
According to Rankiteo, Turning Point Brands, Inc. is not certified under SOC 2 Type 1.
Does Turning Point Brands, Inc. have SOC 2 Type 2 certification ?
According to Rankiteo, Turning Point Brands, Inc. does not hold a SOC 2 Type 2 certification.
Does Turning Point Brands, Inc. comply with GDPR ?
According to Rankiteo, Turning Point Brands, Inc. is not listed as GDPR compliant.
Does Turning Point Brands, Inc. have PCI DSS certification ?
According to Rankiteo, Turning Point Brands, Inc. does not currently maintain PCI DSS compliance.
Does Turning Point Brands, Inc. comply with HIPAA ?
According to Rankiteo, Turning Point Brands, Inc. is not compliant with HIPAA regulations.
Does Turning Point Brands, Inc. have ISO 27001 certification ?
According to Rankiteo,Turning Point Brands, Inc. is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Turning Point Brands, Inc.
Turning Point Brands, Inc. operates primarily in the Manufacturing industry.
Number of Employees at Turning Point Brands, Inc.
Turning Point Brands, Inc. employs approximately 234 people worldwide.
Subsidiaries Owned by Turning Point Brands, Inc.
Turning Point Brands, Inc. presently has no subsidiaries across any sectors.
Turning Point Brands, Inc.’s LinkedIn Followers
Turning Point Brands, Inc.’s official LinkedIn profile has approximately 5,275 followers.
NAICS Classification of Turning Point Brands, Inc.
Turning Point Brands, Inc. is classified under the NAICS code 30, which corresponds to Manufacturing.
Turning Point Brands, Inc.’s Presence on Crunchbase
Yes, Turning Point Brands, Inc. has an official profile on Crunchbase, which can be accessed here: https://www.crunchbase.com/organization/turning-point-brands.
Turning Point Brands, Inc.’s Presence on LinkedIn
Yes, Turning Point Brands, Inc. maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/turning-point-brands-inc..
Cybersecurity Incidents Involving Turning Point Brands, Inc.
As of December 11, 2025, Rankiteo reports that Turning Point Brands, Inc. has experienced 2 cybersecurity incidents.
Number of Peer and Competitor Companies
Turning Point Brands, Inc. has an estimated 7,821 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Turning Point Brands, Inc. ?
Incident Types: The types of cybersecurity incidents that have occurred include Cyber Attack and Breach.
How does Turning Point Brands, Inc. detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an communication strategy with public disclosure via maine attorney general..
Incident Details
Can you provide details on each incident ?
Title: Data Breach at International Vapor Group
Description: The California Office of the Attorney General reported a data breach involving International Vapor Group on March 12, 2019. The breach occurred on June 30, 2018, resulting in the compromise of customers' names and credit or debit card information due to unauthorized access to their e-commerce site.
Date Detected: 2019-03-12
Date Publicly Disclosed: 2019-03-12
Type: Data Breach
Attack Vector: Unauthorized Access
Title: Data Breach at Vaporfi.com and Directvapor.com
Description: The Maine Office of the Attorney General reported a data breach involving Vaporfi.com and Directvapor.com on December 21, 2020. The breach was discovered on September 23, 2020, due to unauthorized access to the online payment platform, potentially affecting 3 Maine residents and a total of 10,544 individuals, exposing credit and debit card information.
Date Detected: 2020-09-23
Date Publicly Disclosed: 2020-12-21
Type: Data Breach
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach TUR252072725
Data Compromised: Customers' names, Credit or debit card information
Systems Affected: E-commerce site
Incident : Data Breach TUR1006091725
Data Compromised: Credit card information, Debit card information
Systems Affected: online payment platform
Identity Theft Risk: High (payment card data exposed)
Payment Information Risk: High (credit/debit card data exposed)
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Customers' Names, Credit Or Debit Card Information, , Payment Card Data and .
Which entities were affected by each incident ?
Incident : Data Breach TUR252072725
Entity Name: International Vapor Group
Entity Type: Company
Industry: E-commerce
Incident : Data Breach TUR1006091725
Entity Name: Vaporfi.com
Entity Type: E-commerce
Industry: Vaping/Retail
Customers Affected: 10,544 (3 in Maine)
Incident : Data Breach TUR1006091725
Entity Name: Directvapor.com
Entity Type: E-commerce
Industry: Vaping/Retail
Customers Affected: 10,544 (3 in Maine)
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach TUR1006091725
Communication Strategy: Public disclosure via Maine Attorney General
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach TUR252072725
Type of Data Compromised: Customers' names, Credit or debit card information
Incident : Data Breach TUR1006091725
Type of Data Compromised: Payment card data
Number of Records Exposed: 10,544
Sensitivity of Data: High
Data Exfiltration: Likely (unauthorized access to payment platform)
Personally Identifiable Information: Partial (payment card details)
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : Data Breach TUR1006091725
Regulatory Notifications: Maine Attorney General
References
Where can I find more information about each incident ?
Incident : Data Breach TUR252072725
Source: California Office of the Attorney General
Date Accessed: 2019-03-12
Incident : Data Breach TUR1006091725
Source: Maine Office of the Attorney General
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: California Office of the Attorney GeneralDate Accessed: 2019-03-12, and Source: Maine Office of the Attorney General.
Investigation Status
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Public disclosure via Maine Attorney General.
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Data Breach TUR1006091725
High Value Targets: Payment Card Data,
Data Sold on Dark Web: Payment Card Data,
Additional Questions
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2019-03-12.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2020-12-21.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Customers' names, Credit or debit card information, , credit card information, debit card information and .
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident was E-commerce site and online payment platform.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Credit or debit card information, Customers' names, debit card information and credit card information.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 10.5K.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are California Office of the Attorney General and Maine Office of the Attorney General.
.png)
Latest Global CVEs (Not Company-Specific)
Description
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions prior to 16.0.96 and 17.0.1 through 17.0.9 have a weak default password. By default, this is a 6 digit numeric value which can be brute forced. (This is the app_password parameter). Depending on local configuration, this password could be the extension, voicemail, user manager, DPMA or EPM phone admin password. This issue is fixed in versions 16.0.96 and 17.0.10.
Risk Information
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Neuron is a PHP framework for creating and orchestrating AI Agents. In versions 2.8.11 and below, the MySQLWriteTool executes arbitrary SQL provided by the caller using PDO::prepare() + execute() without semantic restrictions. This is consistent with the name (“write tool”), but in an LLM/agent context it becomes a high-risk capability: prompt injection or indirect prompt manipulation can cause execution of destructive queries such as DROP TABLE, TRUNCATE, DELETE, ALTER, or privilege-related statements (subject to DB permissions). Deployments that expose an agent with MySQLWriteTool enabled to untrusted input and/or run the tool with a DB user that has broad privileges are impacted. This issue is fixed in version 2.8.12.
Risk Information
cvss3
Base: 9.4
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Description
Neuron is a PHP framework for creating and orchestrating AI Agents. Versions 2.8.11 and below use MySQLSelectTool, which is vulnerable to Read-Only Bypass. MySQLSelectTool is intended to be a read-only SQL tool (e.g., for LLM agent querying, however, validation based on the first keyword (e.g., SELECT) and a forbidden-keyword list does not block file-writing constructs such as INTO OUTFILE / INTO DUMPFILE. As a result, an attacker who can influence the tool input (e.g., via prompt injection through a public agent endpoint) may write arbitrary files to the DB server if the MySQL/MariaDB account has the FILE privilege and server configuration permits writes to a useful location (e.g., a web-accessible directory). This issue is fixed in version 2.8.12.
Risk Information
cvss3
Base: 8.2
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
Description
Okta Java Management SDK facilitates interactions with the Okta management API. In versions 11.0.0 through 20.0.0, race conditions may arise from concurrent requests using the ApiClient class. This could cause a status code or response header from one request’s response to influence another request’s response. This issue is fixed in version 20.0.1.
Risk Information
cvss3
Base: 8.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L
Description
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. This issue is fixed in versions 4.11.2 and 4.12.1.
Risk Information
cvss3
Base: 5.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=turning-point-brands-inc.' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
