AECOM
Company Details
Linkedin ID:
aecom
Website:
Employees number:
74,394
Number of followers:
2,372,600
NAICS:
237
Industry Type:
Homepage:
aecom.com
IP Addresses:
0
Company ID:
AEC_2367159
Scan Status:
In-progress
Internal validation & live display
Multiple badges & continuous verification
Faster underwriting decisions
AECOM Vendor Cyber Rating & Cyber Score
aecom.comAECOM is the global infrastructure leader, committed to delivering a better world. As a trusted professional services firm powered by deep technical abilities, we solve our clients’ complex challenges in water, environment, energy, transportation and buildings. Our teams partner with public- and private-sector clients to create innovative, sustainable and resilient solutions throughout the project lifecycle – from advisory, planning, design and engineering to program and construction management. AECOM is a Fortune 500 firm that had revenue of $16.1 billion in fiscal year 2024. Learn more at aecom.com.
AECOM A.I CyberSecurity Scoring
AECOM Risk Score (AI oriented)Between 750 and 799
AECOM
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
AECOM Global Score (TPRM)XXXX
AECOM
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
AECOM Company CyberSecurity News & History
Past Incidents
1
Attack Types
1
AECOM Technology Corporation
Breach
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: The California Office of the Attorney General reported a data breach involving AECOM Technology Corporation on July 8, 2014. The breach potentially exposed employee personal information, including names, addresses, Social Security numbers, and bank account details, although it is unknown how many individuals were affected.
AECOM Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for AECOM
Incidents vs Civil Engineering Industry Average (This Year)
No incidents recorded for AECOM in 2026.
Incidents vs All-Companies Average (This Year)
No incidents recorded for AECOM in 2026.
Incident Types AECOM vs Civil Engineering Industry Avg (This Year)
No incidents recorded for AECOM in 2026.
Incident History — AECOM (X = Date, Y = Severity)
AECOM cyber incidents detection timeline including parent company and subsidiaries
AECOM Company Subsidiaries
AECOM is the global infrastructure leader, committed to delivering a better world. As a trusted professional services firm powered by deep technical abilities, we solve our clients’ complex challenges in water, environment, energy, transportation and buildings. Our teams partner with public- and private-sector clients to create innovative, sustainable and resilient solutions throughout the project lifecycle – from advisory, planning, design and engineering to program and construction management. AECOM is a Fortune 500 firm that had revenue of $16.1 billion in fiscal year 2024. Learn more at aecom.com.
Loading...
AECOM Similar Companies
Parsons Corporation
Founded in 1944, Parsons Corporation, a digitally enabled solutions provider, is focused on creating the future of the defense, intelligence, and critical infrastructure markets. From Earth to outer space, we deliver tomorrow’s solutions today. Equipped with the capabilities required to take on any
SNC-Lavalin
SNC Lavalin is now AtkinsRéalis. Please follow AtkinsRéalis on LinkedIn. We are a world-class engineering services and nuclear organization. We connect people, data and technology to transform the world’s infrastructure and energy systems. Together, with our industry partners and clients, and our
Egis is a leading global architectural, consulting, construction engineering, operations and mobility services firm. We create and operate intelligent infrastructure and buildings that both respond to the climate emergency and contribute to balanced, sustainable and resilient development. Our 22,00
Epiroc
Performance to succeed today. Technology to lead tomorrow. Epiroc is your partner for mining and infrastructure equipment. We're excited to build on proven expertise and performance with the same people and a bold new drive to make what's good even better. Just like our name ‘Epiroc’ says, we w
Some 45 years ago, we set out with the ambitious goal of providing affordable housing, working to make Brazilian dreams come true. Over the last few years, we have crafted and shaped our story, becoming a brand-leading platform that offers a variety of housing solutions for individuals and families
Mott MacDonald
We are an engineering, management and development consultancy and one of the largest wholly employee-owned firms of our kind. We plan, design, deliver and maintain the transport, energy, water, defence and security, and buildings infrastructure that is integral to people's daily lives. Our core
Ventia
Ventia provides essential services to make infrastructure work for communities in Australia and New Zealand. We pride ourselves on safe and sustainable services for our corporate and government clients across a broad range of sectors, including transport, telecommunications, utilities, defence, wa
Civil Engineer
A civil engineer is a person who practices civil engineering – the application of planning, designing, constructing, maintaining, and operating infrastructures while protecting the public and environmental health, as well as improving existing infrastructures that have been neglected. Civil enginee
Downer
Enabling communities to thrive. It’s what we’ve done for more than 150 years. Solving problems. Making the extraordinary run smoothly every day. We’re keeping the lights on and the water flowing. Running the hospitals that take care of us. Delivering the transport that takes us from A to B. Mainta
.png)
AECOM CyberSecurity News
March 19, 2026 11:11 AM
AECOM awarded position on $151-billion U.S. MDA SHIELD contract
AECOM (NYSE: ACM), the trusted global infrastructure leader, today announced it was awarded a position on the U.S. Missile Defense Agency's...
February 11, 2026 08:00 AM
AECOM to provide detailed design services to support delivery of Sydney Metro West
DALLAS (February 11, 2026) — AECOM, the trusted global infrastructure leader, today announced it will deliver detailed design services for...
January 22, 2026 08:00 AM
Burns & McDonnell Targeted Over Alleged Broken Promise to Use MWBE Firms
A cybersecurity firm that said it was certified to work on a $60-million contract from electric utility Seattle City Light filed suit Jan.
June 23, 2025 07:00 AM
AECOM to accelerate Australia’s energy transition as technical advisor to VicGrid
AECOM will provide technical advice and support for the development and delivery of VicGrid's energy infrastructure program.
May 27, 2025 07:00 AM
AECOM awarded a more than $80 million environmental remediation contract for Vandenberg Space Force Base in California
The 10-year, $81.3-million single award is one of the largest optimized remediation contracts awarded by the USACE Los Angeles District.
May 20, 2025 07:00 AM
Women Know Cyber: 150 Fascinating Females Fighting Cybercrime
Role models for students, parents, educators, and the cybersecurity community Sponsored by Secureworks.
April 23, 2025 07:00 AM
AECOM strengthens U.K. & Ireland Water and Energy platform with acquisition of Scotland-based Allen Gordon LLP
AECOM (NYSE: ACM), the trusted global infrastructure leader, today announced it has acquired Scotland-based Allen Gordon LLP, a leading provider of technical...
April 22, 2025 07:00 AM
AECOM to provide comprehensive technical services for enhanced railway safety across England
AECOM (NYSE: ACM), the trusted global infrastructure leader, today announced it has been awarded a position on Network Rail's Asset Protection (ASPRO) support...
April 08, 2025 07:00 AM
AECOM to support the delivery of landmark capital investment program for Sydney Water
AECOM (NYSE: ACM), the trusted global infrastructure leader, today announced it has been selected as a Design Development Partner for Sydney Water.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
AECOM CyberSecurity History Information
Official Website of AECOM
The official website of AECOM is http://www.aecom.com.
AECOM’s AI-Generated Cybersecurity Score
According to Rankiteo, AECOM’s AI-generated cybersecurity score is 782, reflecting their Fair security posture.
How many security badges does AECOM’ have ?
According to Rankiteo, AECOM currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Has AECOM been affected by any supply chain cyber incidents ?
According to Rankiteo, AECOM has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.
Does AECOM have SOC 2 Type 1 certification ?
According to Rankiteo, AECOM is not certified under SOC 2 Type 1.
Does AECOM have SOC 2 Type 2 certification ?
According to Rankiteo, AECOM does not hold a SOC 2 Type 2 certification.
Does AECOM comply with GDPR ?
According to Rankiteo, AECOM is not listed as GDPR compliant.
Does AECOM have PCI DSS certification ?
According to Rankiteo, AECOM does not currently maintain PCI DSS compliance.
Does AECOM comply with HIPAA ?
According to Rankiteo, AECOM is not compliant with HIPAA regulations.
Does AECOM have ISO 27001 certification ?
According to Rankiteo,AECOM is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of AECOM
AECOM operates primarily in the Civil Engineering industry.
Number of Employees at AECOM
AECOM employs approximately 74,394 people worldwide.
Subsidiaries Owned by AECOM
AECOM presently has no subsidiaries across any sectors.
AECOM’s LinkedIn Followers
AECOM’s official LinkedIn profile has approximately 2,372,600 followers.
NAICS Classification of AECOM
AECOM is classified under the NAICS code 237, which corresponds to Heavy and Civil Engineering Construction.
AECOM’s Presence on Crunchbase
No, AECOM does not have a profile on Crunchbase.
AECOM’s Presence on LinkedIn
Yes, AECOM maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/aecom.
Cybersecurity Incidents Involving AECOM
As of April 04, 2026, Rankiteo reports that AECOM has experienced 1 cybersecurity incidents.
Number of Peer and Competitor Companies
AECOM has an estimated 5,874 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at AECOM ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
Incident Details
Can you provide details on each incident ?
Title: AECOM Technology Corporation Data Breach
Description: The California Office of the Attorney General reported a data breach involving AECOM Technology Corporation on July 8, 2014. The breach potentially exposed employee personal information, including names, addresses, Social Security numbers, and bank account details, although it is unknown how many individuals were affected.
Date Publicly Disclosed: 2014-07-08
Type: Data Breach
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach AEC745072725
Data Compromised: Names, Addresses, Social security numbers, Bank account details
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Names, Addresses, Social Security Numbers, Bank Account Details and .
Which entities were affected by each incident ?
Incident : Data Breach AEC745072725
Entity Name: AECOM Technology Corporation
Entity Type: Corporation
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach AEC745072725
Type of Data Compromised: Names, Addresses, Social security numbers, Bank account details
Sensitivity of Data: High
References
Where can I find more information about each incident ?
Incident : Data Breach AEC745072725
Source: California Office of the Attorney General
Date Accessed: 2014-07-08
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: California Office of the Attorney GeneralDate Accessed: 2014-07-08.
Additional Questions
Incident Details
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2014-07-08.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were names, addresses, Social Security numbers, bank account details and .
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were bank account details, names, Social Security numbers and addresses.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident is California Office of the Attorney General.
.png)
Latest Global CVEs (Not Company-Specific)
Description
nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, two peer-facing consensus request handlers assume that the history index is always available and call blockchain.history_store.history_index().unwrap() directly. That assumption is false by construction. HistoryStoreProxy::history_index() explicitly returns None for the valid HistoryStoreProxy::WithoutIndex state. when a full node is syncing or otherwise running without the history index, a remote peer can send RequestTransactionsProof or RequestTransactionReceiptsByAddress and trigger an Option::unwrap() panic on the request path. This issue has been patched in version 1.3.0.
Risk Information
cvss3
Base: 5.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Description
PraisonAI is a multi-agent teams system. Prior to version 1.5.95, FileTools.download_file() in praisonaiagents validates the destination path but performs no validation on the url parameter, passing it directly to httpx.stream() with follow_redirects=True. An attacker who controls the URL can reach any host accessible from the server including cloud metadata services and internal network services. This issue has been patched in version 1.5.95.
Risk Information
cvss3
Base: 8.6
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Description
PraisonAI is a multi-agent teams system. Prior to version 4.5.97, OAuthManager.validate_token() returns True for any token not found in its internal store, which is empty by default. Any HTTP request to the MCP server with an arbitrary Bearer token is treated as authenticated, granting full access to all registered tools and agent capabilities. This issue has been patched in version 4.5.97.
Risk Information
cvss3
Base: 9.1
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Description
PraisonAI is a multi-agent teams system. Prior to version 4.5.97, the PraisonAI Gateway server accepts WebSocket connections at /ws and serves agent topology at /info with no authentication. Any network client can connect, enumerate registered agents, and send arbitrary messages to agents and their tool sets. This issue has been patched in version 4.5.97.
Risk Information
cvss3
Base: 9.1
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Description
PraisonAI is a multi-agent teams system. Prior to version 4.5.90, MCPToolIndex.search_tools() compiles a caller-supplied string directly as a Python regular expression with no validation, sanitization, or timeout. A crafted regex causes catastrophic backtracking in the re engine, blocking the Python thread for hundreds of seconds and causing a complete service outage. This issue has been patched in version 4.5.90.
Risk Information
cvss3
Base: 6.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=aecom' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
