Centrica
Company Details
Linkedin ID:
centrica
Website:
Employees number:
18,421
Number of followers:
160,573
NAICS:
22
Industry Type:
Homepage:
centrica.com
IP Addresses:
5
Company ID:
CEN_2520795
Scan Status:
Completed
Internal validation & live display
Multiple badges & continuous verification
Faster underwriting decisions
Centrica Vendor Cyber Rating & Cyber Score
centrica.comCentrica is an international energy services and solutions company, founded on a 200-year heritage of serving customers in homes and businesses. We supply energy and services to over 10 million customers, mainly in the UK and Ireland, through brands such as British Gas, Bord Gáis Energy and Centrica Business Solutions. Through our trusted brands, we deliver innovative energy and services solutions to help solve customers’ needs, supported by thousands of engineers and technicians. We are committed to energising a greener, fairer future.
Centrica A.I CyberSecurity Scoring
Centrica Risk Score (AI oriented)Between 750 and 799
Centrica
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
Centrica Global Score (TPRM)XXXX
Centrica
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
Centrica Company CyberSecurity News & History
Past Incidents
2
Attack Types
2
Direct Energy LP
Ransomware
Rankiteo Explanation
Attack threatening the organization's existence
Description: The Maine Office of the Attorney General reported that Direct Energy LP experienced a data breach on November 3, 2020, due to a ransomware attack affecting approximately 249,669 individuals. The breach involved customer personal information, including financial account numbers. Written notifications to affected individuals were issued between December 2 and December 22, 2020, and identity theft protection services were offered for 24 months through Experian.
British Gas
Data Leak
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: British Gas has already notified 2,200 customers about the data breach, and data belonging to 1000 of its customers has been exposed online. Email addresses and account passwords were among the client records that were exposed online; the account information was uploaded to the internet text-sharing platform Pastebin. The business said that based on their research, they are positive that British Gas is not the source of the information that surfaced online. Security experts believe that someone may have used customer account information from British Gas to test other data breaches and get access to enterprise accounts.
Centrica Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for Centrica
Incidents vs Utilities Industry Average (This Year)
No incidents recorded for Centrica in 2026.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Centrica in 2026.
Incident Types Centrica vs Utilities Industry Avg (This Year)
No incidents recorded for Centrica in 2026.
Incident History — Centrica (X = Date, Y = Severity)
Centrica cyber incidents detection timeline including parent company and subsidiaries
Centrica Company Subsidiaries
Centrica is an international energy services and solutions company, founded on a 200-year heritage of serving customers in homes and businesses. We supply energy and services to over 10 million customers, mainly in the UK and Ireland, through brands such as British Gas, Bord Gáis Energy and Centrica Business Solutions. Through our trusted brands, we deliver innovative energy and services solutions to help solve customers’ needs, supported by thousands of engineers and technicians. We are committed to energising a greener, fairer future.
Loading...
Centrica Similar Companies
NextEra Energy, Inc.
NextEra Energy, Inc. (NYSE: NEE) is one of the largest electric power and energy infrastructure companies in North America and is a leading provider of electricity to American homes and businesses. Headquartered in Juno Beach, Florida, NextEra Energy is a Fortune 200 company that owns Florida Power
Company profile Eskom Holdings generates, transports and distributes approximately 95% of South Africa’s electricity – making up 60% of the total electricity consumed on the African continent. Eskom is the world’s eleventh-largest power utility in terms of generating capacity, ranks ninth in term
NTPC Limited is India’s largest power generation utility with roots planted way back in 1975 to accelerate power development in India. Since then it has established itself as the dominant power major with a presence in the entire value chain of the power generation business. From fossil fuels, it ha
As one of the nation’s largest electric utilities, we’re bringing more clean and renewable sources of energy to Southern California. From energy storage to transportation electrification, our employees are working on innovative projects that will help cut emissions and greenhouse gases to provide
Exelon
Exelon Corporation (Nasdaq: EXC) is one of the nation’s largest utility companies, serving more than 10 million customers through six fully regulated utilities. We believe that reliable and affordable energy is essential to a brighter, more sustainable future. We are a FORTUNE 250 company operating
PT PLN (Persero)
Indonesia State Electricity Corporation PLN has a long history in electricity industry of Indonesia. As the sole provider of electricity in Indonesia, PLN is striving to increase quality of services to all Indonesian. In 1972, in accordance with Government Regulation No.17, the State-owned Electric
Hitachi Energy is a global technology leader in electrification, powering a sustainable energy future with innovative power grid technologies with digital at the core. Over three billion people depend on our technologies to power their daily lives. With over a century in pioneering mission-critical
British Gas
Taking care of things. At British Gas we’re always looking at new ways to save energy and money for our customers. Everything we do from our trusted engineers to helpful call centre agents, and innovative product owners to digital marketing specialists, is about providing affordable, hassle-free s
At Entergy (NYSE: ETR), we power life. More than 100 years ago, our founder Harvey Couch started this company with a handshake, some sawdust and a vision. Couch wanted to bring safe, affordable, reliable energy to the Middle South – energy that would power the lives of people and communities. Toda
.png)
Centrica CyberSecurity News
November 24, 2025 08:00 AM
After Tenable exit, Indegy founders raise $20M Seed for Opti to tame access sprawl
Opti, an AI-native identity security startup founded in 2024, has raised a $20 million Seed round as enterprises confront mounting...
July 26, 2022 10:19 AM
Capgemini migrates Centrica’s ERP platform to the AWS Cloud
Capgemini enabled Centrica to become more agile, lower costs, and achieve sustainability goals with Amazon Web Services platform.
July 20, 2020 07:00 AM
Yaniv Vardi announced as Claroty’s new CEO
Cyber company Claroty Ltd., part of the Team8 venture group, announced on Monday that it has appointed Yaniv Vardi as the company's new CEO.
December 03, 2019 08:00 AM
Tenable Acquires Cybersecurity company Indegy
Indegy provides cybersecurity technology for industrial control systems for manufacturing, pharmaceuticals, energy, and water companies.
August 05, 2019 07:00 AM
An Entrepreneur Is Like a Professional Basketball Player, Says Serial Entrepreneur Shlomo Kramer
Kramer, who previously co-founded firewall pioneer Check Point, cybersecurity company Imperva, and anti-fraud company Trusteer,...
October 14, 2018 07:00 AM
Leading tech companies support code to strengthen security of internet-connected devices
Tech companies HP Inc. and Centrica Hive Ltd are the first companies to sign up to commit to the code. The code will ensure that businesses...
August 30, 2018 07:00 AM
Zadara Storage Raises $25 Million to Expand Cloud Storage Offering
Israel-based Zadara offers enterprises software-defined data storage in the cloud, with customizable variables such as memory capacity,...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
Centrica CyberSecurity History Information
Official Website of Centrica
The official website of Centrica is http://www.centrica.com.
Centrica’s AI-Generated Cybersecurity Score
According to Rankiteo, Centrica’s AI-generated cybersecurity score is 786, reflecting their Fair security posture.
How many security badges does Centrica’ have ?
According to Rankiteo, Centrica currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Has Centrica been affected by any supply chain cyber incidents ?
According to Rankiteo, Centrica has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.
Does Centrica have SOC 2 Type 1 certification ?
According to Rankiteo, Centrica is not certified under SOC 2 Type 1.
Does Centrica have SOC 2 Type 2 certification ?
According to Rankiteo, Centrica does not hold a SOC 2 Type 2 certification.
Does Centrica comply with GDPR ?
According to Rankiteo, Centrica is not listed as GDPR compliant.
Does Centrica have PCI DSS certification ?
According to Rankiteo, Centrica does not currently maintain PCI DSS compliance.
Does Centrica comply with HIPAA ?
According to Rankiteo, Centrica is not compliant with HIPAA regulations.
Does Centrica have ISO 27001 certification ?
According to Rankiteo,Centrica is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Centrica
Centrica operates primarily in the Utilities industry.
Number of Employees at Centrica
Centrica employs approximately 18,421 people worldwide.
Subsidiaries Owned by Centrica
Centrica presently has no subsidiaries across any sectors.
Centrica’s LinkedIn Followers
Centrica’s official LinkedIn profile has approximately 160,573 followers.
NAICS Classification of Centrica
Centrica is classified under the NAICS code 22, which corresponds to Utilities.
Centrica’s Presence on Crunchbase
Yes, Centrica has an official profile on Crunchbase, which can be accessed here: https://www.crunchbase.com/organization/centrica.
Centrica’s Presence on LinkedIn
Yes, Centrica maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/centrica.
Cybersecurity Incidents Involving Centrica
As of April 01, 2026, Rankiteo reports that Centrica has experienced 2 cybersecurity incidents.
Number of Peer and Competitor Companies
Centrica has an estimated 4,343 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Centrica ?
Incident Types: The types of cybersecurity incidents that have occurred include Data Leak and Ransomware.
How does Centrica detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an communication strategy with customer notification, and third party assistance with experian, and communication strategy with written notifications to affected individuals..
Incident Details
Can you provide details on each incident ?
Title: British Gas Data Breach
Description: British Gas has notified 2,200 customers about a data breach where data belonging to 1,000 customers was exposed online. Email addresses and account passwords were among the client records that were exposed on the internet text-sharing platform Pastebin. The business believes that British Gas is not the source of the information that surfaced online. Security experts suggest that customer account information from British Gas might have been used to test other data breaches and gain access to enterprise accounts.
Type: Data Breach
Attack Vector: Credential Stuffing
Motivation: Unauthorized Access
Title: Direct Energy LP Data Breach
Description: The Maine Office of the Attorney General reported that Direct Energy LP experienced a data breach on November 3, 2020, due to a ransomware attack affecting approximately 249,669 individuals. The breach involved customer personal information, including financial account numbers. Written notifications to affected individuals were issued between December 2 and December 22, 2020, and identity theft protection services were offered for 24 months through Experian.
Date Detected: 2020-11-03
Type: Data Breach
Attack Vector: Ransomware
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Ransomware.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach BRI1212261023
Data Compromised: Email addresses, Account passwords
Incident : Data Breach DIR1041072525
Data Compromised: Customer personal information, Financial account numbers
Identity Theft Risk: High
Payment Information Risk: High
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Email Addresses, Account Passwords, , Customer Personal Information, Financial Account Numbers and .
Which entities were affected by each incident ?
Incident : Data Breach BRI1212261023
Entity Name: British Gas
Entity Type: Company
Industry: Energy
Location: United Kingdom
Customers Affected: 2200
Incident : Data Breach DIR1041072525
Entity Name: Direct Energy LP
Entity Type: Company
Industry: Energy
Customers Affected: 249669
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach BRI1212261023
Communication Strategy: Customer Notification
Incident : Data Breach DIR1041072525
Third Party Assistance: Experian
Communication Strategy: Written notifications to affected individuals
How does the company involve third-party assistance in incident response ?
Third-Party Assistance: The company involves third-party assistance in incident response through Experian.
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach BRI1212261023
Type of Data Compromised: Email addresses, Account passwords
Number of Records Exposed: 1000
Personally Identifiable Information: Email addresses
Incident : Data Breach DIR1041072525
Type of Data Compromised: Customer personal information, Financial account numbers
Number of Records Exposed: 249669
Sensitivity of Data: High
Personally Identifiable Information: Yes
References
Where can I find more information about each incident ?
Incident : Data Breach DIR1041072525
Source: Maine Office of the Attorney General
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Maine Office of the Attorney General.
Investigation Status
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Customer Notification and Written notifications to affected individuals.
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : Data Breach BRI1212261023
Customer Advisories: Customer Notification
Incident : Data Breach DIR1041072525
Customer Advisories: Identity theft protection services offered for 24 months through Experian
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: were Customer Notification, and Identity theft protection services offered for 24 months through Experian.
Post-Incident Analysis
What is the company's process for conducting post-incident analysis ?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Experian.
Additional Questions
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2020-11-03.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Email addresses, Account passwords, , Customer personal information, Financial account numbers and .
Response to the Incidents
What third-party assistance was involved in the most recent incident ?
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was Experian.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Account passwords, Customer personal information, Email addresses and Financial account numbers.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 1.0K.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident is Maine Office of the Attorney General.
Stakeholder and Customer Advisories
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued were an Customer Notification and Identity theft protection services offered for 24 months through Experian.
.png)
Latest Global CVEs (Not Company-Specific)
Description
A security flaw has been discovered in itsourcecode Payroll Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /manage_user.php of the component Parameter Handler. Performing a manipulation of the argument ID results in sql injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks.
Risk Information
cvss2
Base: 7.5
Severity: LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
cvss3
Base: 7.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A vulnerability was identified in Axiomatic Bento4 up to 1.6.0-641. Affected is the function AP4_BitReader::SkipBits of the file Ap4Dac4Atom.cpp of the component DSI v1 Parser. Such manipulation of the argument n_presentations leads to heap-based buffer overflow. The attack needs to be performed locally. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.
Risk Information
cvss2
Base: 4.3
Severity: LOW
AV:L/AC:L/Au:S/C:P/I:P/A:P
cvss3
Base: 5.3
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 4.8
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A vulnerability was determined in Axiomatic Bento4 up to 1.6.0-641. This impacts the function AP4_BitReader::ReadCache of the file Ap4Dac4Atom.cpp of the component MP4 File Parser. This manipulation causes heap-based buffer overflow. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.
Risk Information
cvss2
Base: 4.3
Severity: LOW
AV:L/AC:L/Au:S/C:P/I:P/A:P
cvss3
Base: 5.3
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 4.8
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is a heap-buffer-overflow (HBO) in icAnsiToUtf8() in the XML conversion path. The issue is triggered by a crafted ICC profile which causes icAnsiToUtf8(std::string&, char const*) to treat an input buffer as a C-string and call operations that rely on strlen()/null-termination. AddressSanitizer reports an out-of-bounds READ of size 115 past a 114-byte heap allocation, with the failure observed while running the iccToXml tool. This issue has been patched in version 2.3.1.6.
Risk Information
cvss3
Base: 6.2
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is a stack-buffer-overflow (SBO) in CIccTagFixedNum<>::GetValues() and a related bug chain. The primary crash is an AddressSanitizer-reported WRITE of size 4 that overflows a 4-byte stack variable (rv) via the call chain CIccTagFixedNum::GetValues() -> CIccTagStruct::GetElemNumberValue(). This issue has been patched in version 2.3.1.6.
Risk Information
cvss3
Base: 6.2
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References
- https://github.com/InternationalColorConsortium/iccDEV/issues/696
- https://github.com/InternationalColorConsortium/iccDEV/issues/697
- https://github.com/InternationalColorConsortium/iccDEV/issues/698
- https://github.com/InternationalColorConsortium/iccDEV/issues/703
- https://github.com/InternationalColorConsortium/iccDEV/pull/739
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-983c-rgh5-4982
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=centrica' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
