UPS
Company Details
Linkedin ID:
ups
Website:
Employees number:
162,396
Number of followers:
2,147,697
NAICS:
484
Industry Type:
Homepage:
ups.com
IP Addresses:
0
Company ID:
UPS_1635328
Scan Status:
In-progress
UPS Company CyberSecurity Posture
ups.com
Operating in more than 200 countries and territories, we’re committed to moving our world forward by delivering what matters. Beginning as a small messenger service, UPS was started by two enterprising teenagers and a $100 loan. Now, we’re almost 500,000 UPSers strong, with operations around the globe. As a transportation and logistics leader, we are proud to offer innovative solutions to our customers—both big and small. We also support the communities we serve. Just take a look at The UPS Foundation’s social impact report! Headquartered in Atlanta, we can be found on the web at ups.com and about.ups.com. Job seekers can visit upsjobs.com to learn more. Our active social media channels include Facebook, Instagram, Twitter, YouTube, and TikTok. Facebook: www.facebook.com/ups Instagram: www.instagram.com/ups/ Twitter: www.twitter.com/ups TikTok: UPS YouTube: www.youtube.com/ups Website https://about.ups.com/ The UPS Foundation’s social impact report: https://about.ups.com/us/en/social-impact/reporting/the-ups-foundations-social-impact-report.html Career Site upsjobs.com
UPS A.I CyberSecurity Scoring
UPS Risk Score (AI oriented)Between 800 and 849
UPS
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
UPS Global Score (TPRM)XXXX
UPS
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
UPS Company CyberSecurity News & History
Past Incidents
1
Attack Types
1
UPS
Data Leak
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: UPS found that between February 2022 and April 2023, the perpetrators of the persistent SMS phishing campaign used its package look-up capabilities to obtain access to delivery information, including the recipients' personal contact information. The company has now put protections in place to limit access to this sensitive data in order to combat these sophisticated phishing attacks. The recipient's name, the address to which the box was being shipped, and possibly the phone number and order number were all available information through the parcel look-up facilities. In order to maintain transparency and raise awareness of the issue, UPS will notify people whose information may have been compromised.
UPS Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for UPS
Incidents vs Truck Transportation Industry Average (This Year)
No incidents recorded for UPS in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for UPS in 2025.
Incident Types UPS vs Truck Transportation Industry Avg (This Year)
No incidents recorded for UPS in 2025.
Incident History — UPS (X = Date, Y = Severity)
UPS cyber incidents detection timeline including parent company and subsidiaries
UPS Company Subsidiaries
Operating in more than 200 countries and territories, we’re committed to moving our world forward by delivering what matters. Beginning as a small messenger service, UPS was started by two enterprising teenagers and a $100 loan. Now, we’re almost 500,000 UPSers strong, with operations around the globe. As a transportation and logistics leader, we are proud to offer innovative solutions to our customers—both big and small. We also support the communities we serve. Just take a look at The UPS Foundation’s social impact report! Headquartered in Atlanta, we can be found on the web at ups.com and about.ups.com. Job seekers can visit upsjobs.com to learn more. Our active social media channels include Facebook, Instagram, Twitter, YouTube, and TikTok. Facebook: www.facebook.com/ups Instagram: www.instagram.com/ups/ Twitter: www.twitter.com/ups TikTok: UPS YouTube: www.youtube.com/ups Website https://about.ups.com/ The UPS Foundation’s social impact report: https://about.ups.com/us/en/social-impact/reporting/the-ups-foundations-social-impact-report.html Career Site upsjobs.com
Loading...
UPS Similar Companies
Total Quality Logistics
The logistics industry is a $500 billion market. With annual sales over $8 billion, Total Quality Logistics (TQL) is one of the largest freight brokerage firms in the nation. TQL connects customers with truckload freight that needs to be moved with quality carriers who have the capacity to move it.
Transport for NSW
We’re an innovative NSW government organisation comprised of a network of agencies and divisions that keep the state moving. Our focus is on delivering safe, reliable and integrated transport networks for everyone. With over 28,000 team members, we’re committed to inclusion, diversity, and opportun
J.B. Hunt Transport Services, Inc.
J.B. Hunt Transport, Inc. is a Fortune 300 company that specializes in freight shipping for customers of all sizes. Our mission is to drive long-term value for our people, customers and shareholders while staying focused on our vision to create the most efficient transportation network in North Amer
Schneider
Put us on the job and consider it done. Schneider is a premier provider of transportation and logistics services headquartered in Green Bay, Wisconsin, and with offices in Chicago, Dallas and many cities in between. Offering one of the broadest portfolios in the industry, Schneider’s solutions inclu
Penske Logistics
Penske Logistics is a Penske Transportation Solutions company headquartered in Reading, Pennsylvania. The company is a leading provider of innovative supply chain and logistics solutions. Penske offers solutions including dedicated transportation, distribution center management, lead logistics, frei
Exolgan Container Terminal
EXOLGAN, es la mayor Terminal de Contenedores de la República Argentina. Ubicada en Dock Sud, Avellaneda, sobre un predio de 50 hectáreas y con 1.200 mts lineales de muelle, es el principal operador en el Comercio Exterior de la carga Containerizada que ingresa y egresa de nuestro País. El servic
CLW GROUP TRUCK
CLW GROUP TRUCK produce trucks specially for you,we are the biggest special trucks manufacturer in China,you can find all kinds of the special trucks produced in our factory ,and you can also send us the drawings and the requirement details to produced specially for you . In our factory you can f
Penske Truck Leasing
Penske Truck Leasing is a Penske Transportation Solutions company headquartered in Reading, Pennsylvania. A leading provider of innovative transportation solutions, Penske operates and maintains more than 400,000 vehicles and serves its customers from nearly 1,000 maintenance facilities and more tha
XPO
XPO provides world-class transportation solutions to the most successful companies in the world. We have a high-energy team around the globe focused on being the best in the industry. Given the scope of our business, there are opportunities to do satisfying work in many different fields, and at all
.png)
UPS CyberSecurity News
November 25, 2025 02:18 PM
JackFix Uses Fake Windows Update Pop-Ups on Adult Sites to Deliver Multiple Stealers
Cybersecurity researchers are calling attention to a new campaign that's leveraging a combination of ClickFix lures and fake adult websites...
November 06, 2025 08:00 AM
EIF and Invest‑NL back €80M TIN Capital fund fueling Europe’s cybersecurity scale‑ups
With more than €80 million in commitment and backing from prominent investors, TIN Capital's Fund V is positioned to ride the next wave of...
November 03, 2025 08:00 AM
PNP ups cybersecurity measures amid possible DDoS cyberattacks
PNP ups cybersecurity measures amid possible DDoS cyberattacks ... MANILA – The Philippine National Police (PNP) on Monday said it continues to...
November 02, 2025 07:00 AM
India’s cybersecurity ecosystem: 400 plus start-ups driving a 20 Billion dollar industry
India's cybersecurity ecosystem: 400 plus start-ups driving a 20 Billion dollar industry · The 400 plus start-up number indicates that the...
October 30, 2025 07:00 AM
India's cybersecurity industry is worth $20B, powered by 400+ start-ups
India is fast becoming a global leader in cybersecurity, with over 400 start-ups and a workforce of more than 650,000 professionals.
October 17, 2025 07:00 AM
Vulnerabilities Allow Disruption of Phoenix Contact UPS Devices
Phoenix Contact this week announced patches for several vulnerabilities affecting its QUINT4 uninterruptible power supply (UPS) products.
October 07, 2025 07:00 AM
Mindgard Ups the Ante for Security of AI – Appoints Proven Cybersecurity Leader James Brear to Capture Expanding Market Opportunity
Mindgard Ups the Ante for Security of AI – Appoints Proven Cybersecurity Leader James Brear to Capture Expanding Market Opportunity ... BOSTON--(...
October 07, 2025 07:00 AM
Kerala cyber security summit to focus on MSMEs, start-ups
The summit is being organised by F9 Infotech, a global multi-cloud and cyber security firm, in association with the State Government and the...
September 30, 2025 07:00 AM
Cyberstarts launches $380M fund to double down on cybersecurity scale-ups
Founded in 2018 by investor Gili Raanan, Cyberstarts has built a reputation for making high-conviction bets at the earliest stages of company...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
UPS CyberSecurity History Information
Official Website of UPS
The official website of UPS is https://about.ups.com/.
UPS’s AI-Generated Cybersecurity Score
According to Rankiteo, UPS’s AI-generated cybersecurity score is 807, reflecting their Good security posture.
How many security badges does UPS’ have ?
According to Rankiteo, UPS currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does UPS have SOC 2 Type 1 certification ?
According to Rankiteo, UPS is not certified under SOC 2 Type 1.
Does UPS have SOC 2 Type 2 certification ?
According to Rankiteo, UPS does not hold a SOC 2 Type 2 certification.
Does UPS comply with GDPR ?
According to Rankiteo, UPS is not listed as GDPR compliant.
Does UPS have PCI DSS certification ?
According to Rankiteo, UPS does not currently maintain PCI DSS compliance.
Does UPS comply with HIPAA ?
According to Rankiteo, UPS is not compliant with HIPAA regulations.
Does UPS have ISO 27001 certification ?
According to Rankiteo,UPS is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of UPS
UPS operates primarily in the Truck Transportation industry.
Number of Employees at UPS
UPS employs approximately 162,396 people worldwide.
Subsidiaries Owned by UPS
UPS presently has no subsidiaries across any sectors.
UPS’s LinkedIn Followers
UPS’s official LinkedIn profile has approximately 2,147,697 followers.
NAICS Classification of UPS
UPS is classified under the NAICS code 484, which corresponds to Truck Transportation.
UPS’s Presence on Crunchbase
No, UPS does not have a profile on Crunchbase.
UPS’s Presence on LinkedIn
Yes, UPS maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/ups.
Cybersecurity Incidents Involving UPS
As of December 11, 2025, Rankiteo reports that UPS has experienced 1 cybersecurity incidents.
Number of Peer and Competitor Companies
UPS has an estimated 5,558 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at UPS ?
Incident Types: The types of cybersecurity incidents that have occurred include Data Leak.
How does UPS detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an remediation measures with put protections in place to limit access to sensitive data, and communication strategy with notify affected individuals..
Incident Details
Can you provide details on each incident ?
Title: UPS Data Breach via SMS Phishing Campaign
Description: UPS discovered that between February 2022 and April 2023, attackers used its package look-up capabilities to access delivery information, including recipients' personal contact information.
Date Detected: February 2022
Type: Data Breach
Attack Vector: SMS Phishing
Vulnerability Exploited: Package look-up capabilities
Motivation: Data Theft
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Data Leak.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Package look-up capabilities.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach UPS134025623
Data Compromised: Recipient's name, Shipping address, Phone number, Order number
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personal Contact Information, Delivery Information and .
Which entities were affected by each incident ?
Incident : Data Breach UPS134025623
Entity Name: UPS
Entity Type: Organization
Industry: Logistics and Delivery
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach UPS134025623
Remediation Measures: Put protections in place to limit access to sensitive data
Communication Strategy: Notify affected individuals
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach UPS134025623
Type of Data Compromised: Personal contact information, Delivery information
Personally Identifiable Information: Recipient's nameShipping addressPhone number
What measures does the company take to prevent data exfiltration ?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Put protections in place to limit access to sensitive data, .
Investigation Status
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Notify Affected Individuals.
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Data Breach UPS134025623
Entry Point: Package look-up capabilities
Additional Questions
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on February 2022.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Recipient's name, Shipping address, Phone number, Order number and .
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Order number, Shipping address, Recipient's name and Phone number.
Initial Access Broker
What was the most recent entry point used by an initial access broker ?
Most Recent Entry Point: The most recent entry point used by an initial access broker was an Package look-up capabilities.
.png)
Latest Global CVEs (Not Company-Specific)
Description
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions prior to 16.0.96 and 17.0.1 through 17.0.9 have a weak default password. By default, this is a 6 digit numeric value which can be brute forced. (This is the app_password parameter). Depending on local configuration, this password could be the extension, voicemail, user manager, DPMA or EPM phone admin password. This issue is fixed in versions 16.0.96 and 17.0.10.
Risk Information
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Neuron is a PHP framework for creating and orchestrating AI Agents. In versions 2.8.11 and below, the MySQLWriteTool executes arbitrary SQL provided by the caller using PDO::prepare() + execute() without semantic restrictions. This is consistent with the name (“write tool”), but in an LLM/agent context it becomes a high-risk capability: prompt injection or indirect prompt manipulation can cause execution of destructive queries such as DROP TABLE, TRUNCATE, DELETE, ALTER, or privilege-related statements (subject to DB permissions). Deployments that expose an agent with MySQLWriteTool enabled to untrusted input and/or run the tool with a DB user that has broad privileges are impacted. This issue is fixed in version 2.8.12.
Risk Information
cvss3
Base: 9.4
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Description
Neuron is a PHP framework for creating and orchestrating AI Agents. Versions 2.8.11 and below use MySQLSelectTool, which is vulnerable to Read-Only Bypass. MySQLSelectTool is intended to be a read-only SQL tool (e.g., for LLM agent querying, however, validation based on the first keyword (e.g., SELECT) and a forbidden-keyword list does not block file-writing constructs such as INTO OUTFILE / INTO DUMPFILE. As a result, an attacker who can influence the tool input (e.g., via prompt injection through a public agent endpoint) may write arbitrary files to the DB server if the MySQL/MariaDB account has the FILE privilege and server configuration permits writes to a useful location (e.g., a web-accessible directory). This issue is fixed in version 2.8.12.
Risk Information
cvss3
Base: 8.2
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
Description
Okta Java Management SDK facilitates interactions with the Okta management API. In versions 11.0.0 through 20.0.0, race conditions may arise from concurrent requests using the ApiClient class. This could cause a status code or response header from one request’s response to influence another request’s response. This issue is fixed in version 20.0.1.
Risk Information
cvss3
Base: 8.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L
Description
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. This issue is fixed in versions 4.11.2 and 4.12.1.
Risk Information
cvss3
Base: 5.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=ups' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
