Boots UK
Company Details
Linkedin ID:
boots
Website:
Employees number:
27,086
Number of followers:
363,516
NAICS:
43
Industry Type:
Homepage:
boots.jobs
IP Addresses:
0
Company ID:
BOO_1382676
Scan Status:
In-progress
Internal validation & live display
Multiple badges & continuous verification
Faster underwriting decisions
Boots UK Vendor Cyber Rating & Cyber Score
boots.jobsBoots is the UK’s leading health and beauty retailer with over 52,000 team members and around 1,800 stores,* ranging from local community pharmacies to large destination health and beauty stores. We serve our customers and patients’ wellbeing for life as the leading provider of healthcare on the high street and the UK’s number one beauty destination. We have an unrivalled depth and breadth of product offering, which incorporates our extensive own brand range and innovative portfolio of brands, including No7, the UK’s No1 skincare brand, Soap & Glory, Liz Earle Beauty and Sleek MakeUP. For over 175 years, we have listened, learned and innovated, and continue to challenge ourselves to improve our products and services every day. *Figures accurate as of 17 July 2025
Boots UK A.I CyberSecurity Scoring
Boots UK Risk Score (AI oriented)Between 750 and 799
Boots UK
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
Boots UK Global Score (TPRM)XXXX
Boots UK
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
Boots UK Company CyberSecurity News & History
Past Incidents
2
Attack Types
2
Boots UK
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: The data breach experienced by the payroll company Zellis affected The BBC, Boots, and British Airways. The BBC is collaborating closely with Zellis as they urgently examine the scope of the data breach at their third-party supplier after becoming aware of it. An unauthenticated attacker might take advantage of the SQL injection vulnerability to access the database of MOVEit Transfer without authorization. The cybersecurity problem at Zellis, which included one of their third-party providers called MOVEit, has been reported to British Airways as having affected them.
Boots UK
Data Leak
Rankiteo Explanation
Attack limited on finance or reputation
Description: Boots had suspended payments using loyalty card points after a cyber attack on its customer database. Hackers broke into Advantage Card accounts to steal customers’ reward points to spend on themselves. The issue affected less than 1% of the company’s 14.4 million active loyalty card users – around 150,000 people. No credit card information had been taken.
Boots UK Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for Boots UK
Incidents vs Retail Industry Average (This Year)
No incidents recorded for Boots UK in 2026.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Boots UK in 2026.
Incident Types Boots UK vs Retail Industry Avg (This Year)
No incidents recorded for Boots UK in 2026.
Incident History — Boots UK (X = Date, Y = Severity)
Boots UK cyber incidents detection timeline including parent company and subsidiaries
Boots UK Company Subsidiaries
Boots is the UK’s leading health and beauty retailer with over 52,000 team members and around 1,800 stores,* ranging from local community pharmacies to large destination health and beauty stores. We serve our customers and patients’ wellbeing for life as the leading provider of healthcare on the high street and the UK’s number one beauty destination. We have an unrivalled depth and breadth of product offering, which incorporates our extensive own brand range and innovative portfolio of brands, including No7, the UK’s No1 skincare brand, Soap & Glory, Liz Earle Beauty and Sleek MakeUP. For over 175 years, we have listened, learned and innovated, and continue to challenge ourselves to improve our products and services every day. *Figures accurate as of 17 July 2025
Loading...
Boots UK Similar Companies
Target is one of the world’s most recognized brands — and one of America’s leading retailers — known for bringing joy to everyday life. We create meaningful experiences for our guests by combining value, inspiration and innovation in ways no one else can. Beyond our stores and digital experiences, w
Ahold Delhaize is one of the world’s largest food retail groups, we are a leader in supermarkets and e-commerce, and a company at the forefront of sustainable retailing. Our local brands employ around 393,000 associates in around 9,400 local grocery, small format, and specialty stores. Our family
Stop & Shop
Stop & Shop has been around for more than 100 years. We started small, as a corner grocery store back in 1914. And we’ve grown…a lot. We have more than 50,000 Associates in 350+ stores throughout Massachusetts, Connecticut, Rhode Island, New York, and New Jersey. Through that change, our values have
Ross Stores, Inc.
For the last 40+ years, Ross Stores, Inc. has grown from a six-store chain into an $21.1 billion, Fortune 500 Company. We operate our off-price businesses in a way that keeps costs low so we can pass the savings to our customers. We continue to open new stores and our sales growth has outpaced tradi
BİM Birleşik Mağazalar A.Ş
Türkiye’de perakende sektörünün lideri olan BİM Birleşik Mağazalar A.Ş., temel gıda ve tüketim malzemelerinin uygun fiyat ve yüksek kaliteyle tüketiciye ulaştırılması hedefiyle faaliyetlerine 1995 yılında 21 mağazayla başlamıştır. Yüksek indirim (hard-discount) modelinin Türkiye’deki ilk temsilcisi
Mercadona
Mercadona is a leading company of physical supermarkets in Spain with an online service, with over 1,610 stores and more than 5.9 million households as customers. Additionally, it has 60 stores in Portugal, with a presence in nine different districts. A family-owned company, its objective is to off
Aldi UK
Since arriving in the UK in 1990, we’ve gone on to be one of the biggest (and the highest-paying) supermarkets in the game, with a team of 45,000 colleagues who make Everyday Amazing. We've been crowned the 'Retail Employer of the Year' at the Grocer Gold Awards four times, which is a testament to
Amazon Business
Think there’s a better way to buy for business? So do we. That’s why Amazon Business is changing the world of procurement. We simplify the purchasing process to make it easier for our customers to get the products they need. We solve for our customers’ unmet and undiscovered needs — continuously
Reliance Digital
Reliance Digital is a Consumer Electronics, Durables, IT & Telecom retail arm of Reliance Retail Group with more than 1300+ stores across India. Reliance Digital seeks to fulfill the dream of every Indian, be it through its nationwide network of conveniently located stores or through its presenc
.png)
Boots UK CyberSecurity News
March 30, 2026 07:00 AM
The latest scam alerts from Which?
The scams you need to know about this month, including a fake Evri website and Marriott Hotel impersonation email.
March 02, 2026 08:00 AM
Best Antivirus Software 2026: Expert Tests, Ratings, and all the Top Deals
TechRadar Pro have tested and ranked all the best antivirus software: Bitdefender remains the top choice.
February 10, 2026 08:00 AM
Microsoft is refreshing Secure Boot certificates to plug security holes before they happen — if you bought a PC last year, you should be set
Microsoft is refreshing Secure Boot certificates for Windows PCs. If you bought one in the past year, you should be set, but others should...
January 07, 2026 08:00 AM
CommScope, TI boost secure boot for industrial devices
CommScope launches PRiSM-based secure boot signing for TI AM6x chips, aiming to simplify compliance with tightening industrial cyber rules.
October 27, 2025 07:00 AM
High-Profile Exit: Cybersecurity Stock Gets the Boot, According to Recent SEC Filing
My Personal CFO, LLC fully exited Okta (OKTA 7.67%) in the third quarter, selling 110,367 shares for an estimated $11.03 million,...
October 26, 2025 07:00 AM
M&S ousts Indian outsourcer accused of £300m cyber attack failures
Retailer has not renewed deal with Tata Consultancy Services to run its tech helpdesk.
September 26, 2025 07:00 AM
Cisco's Wave of Actively Exploited Zero-Day Bugs Targets Firewalls, IOS
UPDATE. A host of Cisco devices have been under attack in recent months thanks to zero-day security vulnerabilities affecting millions of...
September 26, 2025 07:00 AM
Cisco Firewall Zero-Days Exploited in China-Linked ArcaneDoor Attacks
Leading to remote code execution and privilege escalation, the flaws were exploited on Cisco ASA 5500-X series devices that lack secure boot...
September 26, 2025 07:00 AM
Cisco ASA Firewall Zero-Day Exploits Deploy RayInitiator and LINE VIPER Malware
The U.K. National Cyber Security Centre (NCSC) has revealed that threat actors have exploited the recently disclosed security flaws...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
Boots UK CyberSecurity History Information
Official Website of Boots UK
The official website of Boots UK is http://www.boots.jobs.
Boots UK’s AI-Generated Cybersecurity Score
According to Rankiteo, Boots UK’s AI-generated cybersecurity score is 752, reflecting their Fair security posture.
How many security badges does Boots UK’ have ?
According to Rankiteo, Boots UK currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Has Boots UK been affected by any supply chain cyber incidents ?
According to Rankiteo, Boots UK has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.
Does Boots UK have SOC 2 Type 1 certification ?
According to Rankiteo, Boots UK is not certified under SOC 2 Type 1.
Does Boots UK have SOC 2 Type 2 certification ?
According to Rankiteo, Boots UK does not hold a SOC 2 Type 2 certification.
Does Boots UK comply with GDPR ?
According to Rankiteo, Boots UK is not listed as GDPR compliant.
Does Boots UK have PCI DSS certification ?
According to Rankiteo, Boots UK does not currently maintain PCI DSS compliance.
Does Boots UK comply with HIPAA ?
According to Rankiteo, Boots UK is not compliant with HIPAA regulations.
Does Boots UK have ISO 27001 certification ?
According to Rankiteo,Boots UK is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Boots UK
Boots UK operates primarily in the Retail industry.
Number of Employees at Boots UK
Boots UK employs approximately 27,086 people worldwide.
Subsidiaries Owned by Boots UK
Boots UK presently has no subsidiaries across any sectors.
Boots UK’s LinkedIn Followers
Boots UK’s official LinkedIn profile has approximately 363,516 followers.
NAICS Classification of Boots UK
Boots UK is classified under the NAICS code 43, which corresponds to Retail Trade.
Boots UK’s Presence on Crunchbase
Yes, Boots UK has an official profile on Crunchbase, which can be accessed here: https://www.crunchbase.com/organization/boots-uk-limited.
Boots UK’s Presence on LinkedIn
Yes, Boots UK maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/boots.
Cybersecurity Incidents Involving Boots UK
As of April 02, 2026, Rankiteo reports that Boots UK has experienced 2 cybersecurity incidents.
Number of Peer and Competitor Companies
Boots UK has an estimated 15,730 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Boots UK ?
Incident Types: The types of cybersecurity incidents that have occurred include Data Leak and Breach.
Incident Details
Can you provide details on each incident ?
Title: Boots Loyalty Card Points Theft
Description: Hackers broke into Advantage Card accounts to steal customers’ reward points to spend on themselves.
Type: Data Breach
Attack Vector: Account Compromise
Threat Actor: Unknown Hackers
Motivation: Financial Gain
Title: Data Breach at Zellis Affecting The BBC, Boots, and British Airways
Description: The data breach experienced by the payroll company Zellis affected The BBC, Boots, and British Airways. The BBC is collaborating closely with Zellis as they urgently examine the scope of the data breach at their third-party supplier after becoming aware of it. An unauthenticated attacker might take advantage of the SQL injection vulnerability to access the database of MOVEit Transfer without authorization. The cybersecurity problem at Zellis, which included one of their third-party providers called MOVEit, has been reported to British Airways as having affected them.
Type: Data Breach
Attack Vector: SQL Injection
Vulnerability Exploited: SQL Injection
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through MOVEit Transfer.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach BOO2325221222
Data Compromised: Loyalty Points
Systems Affected: Customer Database
Incident : Data Breach BOO74919923
Systems Affected: MOVEit Transfer
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Loyalty Points.
Which entities were affected by each incident ?
Incident : Data Breach BOO2325221222
Entity Name: Boots
Entity Type: Retail
Industry: Pharmacy and Healthcare
Size: Large
Customers Affected: 150,000
Incident : Data Breach BOO74919923
Entity Name: British Airways
Entity Type: Airline
Industry: Aviation
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach BOO2325221222
Type of Data Compromised: Loyalty Points
Number of Records Exposed: 150,000
Sensitivity of Data: Low
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Data Breach BOO74919923
Entry Point: MOVEit Transfer
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident was an Unknown Hackers.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident was Loyalty Points.
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident was MOVEit Transfer.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach was Loyalty Points.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 150.0K.
Initial Access Broker
What was the most recent entry point used by an initial access broker ?
Most Recent Entry Point: The most recent entry point used by an initial access broker was an MOVEit Transfer.
.png)
Latest Global CVEs (Not Company-Specific)
Description
A vulnerability was found in Nothings stb up to 1.26. Impacted is the function stbtt_InitFont_internal in the library stb_truetype.h of the component TTF File Handler. Performing a manipulation results in out-of-bounds read. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Risk Information
cvss2
Base: 5.0
Severity: LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
cvss3
Base: 4.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read in VS6ComFile!get_macro_mem_COM. Opening a crafted V7 file may lead to information disclosure from the affected product.
Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6ComFile!CSaveData::_conv_AnimationItem. Opening a crafted V7 file may lead to arbitrary code execution on the affected product.
Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in VS6MemInIF!set_temp_type_default. Opening a crafted V7 file may lead to information disclosure from the affected product.
Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in VS6ComFile!load_link_inf. Opening a crafted V7 file may lead to information disclosure from the affected product.
Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=boots' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
