Company Details
cgi
70,253
1,865,028
5415
cgi.com
0
CGI_1885774
In-progress


CGI Vendor Cyber Rating & Cyber Score
cgi.com

Insights you can act on. Founded in 1976, CGI is among the largest IT and business consulting services firms in the world. We are insights-driven and outcomes-focused to help accelerate returns on your investments. Across hundreds of locations worldwide, we provide comprehensive, scalable and sustainable IT and business consulting services that are informed globally and delivered locally. We value your opinions and welcome your comments and questions on our posts here on LinkedIn. Please keep a polite, professional and constructive tone. We remove comments containing objectionable language and derogatory views. We do not allow content that is unrelated to the subject, and we remove discriminatory and racist comments as well as spam and advertising. Note that content on this page contains general information regarding CGI’s services and initiatives and should not be considered direct business advice. To engage in a discussion with one of our experts, please make a request through https://www.cgi.com/en/contact-us
Between 700 and 749

CGI Global Score (TPRM): XXXX

Description: Swedish E-Government Platform Source Code Leaked in Suspected Cyberattack. A threat actor known as *ByteToBreach* has claimed responsibility for leaking source code and sensitive materials tied to Sweden’s e-government infrastructure, triggering an investigation by Swedish authorities and an incident response from CGI Sverige, the local subsidiary of global IT firm CGI Group. The breach, first reported on Thursday by cybersecurity accounts on X and local media, allegedly exposed internal files, including source code, configuration files, staff databases, and potentially citizens’ personally identifiable information (PII). While CGI confirmed the incident involved two non-production test servers in Sweden, stating that no customer production data or operational services were impacted, Sweden’s civil defense minister, Carl-Oskar Bohlin, acknowledged the leak and said authorities, including CERT-SE and the National Cyber Security Center, are working to identify the perpetrators. Security experts, including IT specialist Anders Nilsson, reviewed the leaked materials and deemed them authentic, noting the presence of source code for multiple programs. The breach raises concerns given Sweden’s heavy reliance on e-government services, with 95% of its 10.7 million population using such platforms in 2024, per Eurostat data. Threat intelligence platform *Threat Landscape* linked *ByteToBreach* to a prior attack on Viking Line, suggesting an ongoing campaign targeting Swedish and European infrastructure via CGI’s managed services. While the full extent of the leak remains unverified, researchers warn that exposed code or documentation could enable follow-on attacks if vulnerabilities are identified. CGI has not publicly detailed the full scope of the compromised data.


CGI has 40.12% fewer incidents than the average of same-industry companies with at least one recorded incident.
CGI has 15.25% fewer incidents than the average of all companies with at least one recorded incident.
CGI reported 1 incident this year: 0 cyber attacks, 0 ransomware, 0 vulnerabilities, 1 data breach, compared to industry peers with at least 1 incident.
CGI cyber incidents detection timeline including parent company and subsidiaries



Appen has been a leader in AI training data for over 25 years, providing high-quality, diverse datasets that power the world's leading AI models. Our end-to-end platform, deep expertise, and scalable human-in-the-loop services enable AI innovators to build and optimize cutting-edge models. We spec

NCS, a subsidiary of Singtel Group, is a leading technology services firm with presence in Asia Pacific and partners with governments and enterprises to advance communities through technology. Combining the experience and expertise of its 14,000-strong team across 56 specialisations, NCS provides di

Samsung SDS provides cloud computing and digital logistics services. We build an optimized cloud environment with Samsung Cloud Platform specialized for businesses, provide all-in-one management service based on 38 years of expertise in each industry, and boost work efficiency and customer service w

We specialize in integrating technology with human intelligence, offering digital solutions that drive transformation and operational efficiency. Our focus is on generating value through real results, using digital intelligence to meet each client's specific needs. Merg

AeC is consistently named the Brazilian leader in delivering customer experience solutions and outsourced process management. Serving the leading brands in the national market, it has earned the position of BPO Company of the Year over the last three years from the renowned Frost and Sullivan

Reply [EXM, STAR: REY] specialises in the design and implementation of solutions based on new communication channels and digital media. As a network of highly specialised companies, Reply defines and develops business models enabled by the new models of AI, big data, cloud computing, digital media a

Infosys BPM Ltd., the business process management subsidiary of Infosys Ltd. (NYSE: INFY), was set up in April 2002. Infosys BPM focuses on integrated end-to-end outsourcing and delivers transformational benefits to its clients through reduced costs, ongoing productivity improvements, and process re

Sopra Steria, a major Tech player in Europe with 51,000 employees in nearly 30 countries, is recognised for its consulting, digital services and solutions. It helps its clients drive their digital transformation and obtain tangible and sustainable benefits. The Group provides end-to-end solutions to

NTT DATA, Inc. is a trusted global innovator of business and technology services. We're committed to helping clients innovate, optimize and transform for long-term success. Our R&D investments help organizations and society move confidently and sustainably into the digital future. As a Global Top Em
CGI Inc. confirmed a cybersecurity incident affecting internal systems in its Swedish division after hackers claimed to have stolen data...
Hackers have claimed a breach of CGI Sweden, leaking source code and credentials tied to systems used by the Swedish Tax Agency and BankID...
Hackers are increasingly attacking Europe's public online systems, cybersecurity company says.
A threat actor has claimed to have leaked source code and other sensitive material tied to Sweden's e-government platform, prompting an investigation by...
A threat actor has claimed to have leaked source code and other sensitive material it said came from CGI Sverige, the Swedish subsidiary of...
You hear about Big Tech all day, but there is a low-key Canadian IT giant quietly scooping billion-dollar US deals, riding AI and government...
CGI Inc looks boring on paper - but its latest AI and U.S. government wins could quietly reshape how banks, agencies, and brands run their...
Brian Baney, CGI Federal SVP for Army and other defense agencies, spoke with ExecutiveBiz about AI, cyber and federal data growth.
CGI Inc rarely makes headlines, yet Wall Street is quietly upgrading the stock as U.S. federal IT spend and AI-driven modernization ramp up.

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
The official website of CGI is https://cgi.com.
According to Rankiteo, CGI’s AI-generated cybersecurity score is 739, reflecting their Moderate security posture.
According to Rankiteo, CGI currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
According to Rankiteo, CGI has been affected by a supply chain cyber incident involving CGI, with the incident ID CGI1773398582.
According to Rankiteo, CGI is not certified under SOC 2 Type 1.
According to Rankiteo, CGI does not hold a SOC 2 Type 2 certification.
According to Rankiteo, CGI is not listed as GDPR compliant.
According to Rankiteo, CGI does not currently maintain PCI DSS compliance.
According to Rankiteo, CGI is not compliant with HIPAA regulations.
According to Rankiteo, CGI is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
CGI operates primarily in the IT Services and IT Consulting industry.
CGI employs approximately 70,253 people worldwide.
CGI presently has no subsidiaries across any sectors.
CGI’s official LinkedIn profile has approximately 1,865,028 followers.
CGI is classified under the NAICS code 5415, which corresponds to Computer Systems Design and Related Services.
No, CGI does not have a profile on Crunchbase.
Yes, CGI maintains an official LinkedIn profile, actively used for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/cgi.
As of March 28, 2026, Rankiteo reports that CGI has experienced 1 cybersecurity incident.
CGI has an estimated 39,818 peer or competitor companies worldwide.
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
Detection and Response: The company detects and responds to cybersecurity incidents through an incident response plan (activated: yes) and a communication strategy of public acknowledgment of the incident.
Title: Swedish E-Government Platform Source Code Leaked in Suspected Cyberattack
Description: A threat actor known as *ByteToBreach* has claimed responsibility for leaking source code and sensitive materials tied to Sweden’s e-government infrastructure, triggering an investigation by Swedish authorities and an incident response from CGI Sverige, the local subsidiary of global IT firm CGI Group. The breach allegedly exposed internal files, including source code, configuration files, staff databases, and potentially citizens’ personally identifiable information (PII).
Type: Data Breach
Threat Actor: ByteToBreach
Common Attack Types: The most common type of attack the company has faced is Breach.

Data Compromised: Source code, configuration files, staff databases, potentially citizens’ personally identifiable information (PII)
Systems Affected: Two non-production test servers
Brand Reputation Impact: Raises concerns due to Sweden’s heavy reliance on e-government services
Identity Theft Risk: Potential risk due to exposure of PII
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Source Code, Configuration Files, Staff Databases, and Personally Identifiable Information (PII).

Entity Name: CGI Sverige
Entity Type: IT Services
Industry: Government/IT
Location: Sweden
Customers Affected: Potentially Sweden’s 10.7 million population using e-government services

Incident Response Plan Activated: Yes
Communication Strategy: Public acknowledgment of the incident
Incident Response Plan: The company's incident response plan is described as Yes.

Type of Data Compromised: Source code, Configuration files, Staff databases, Personally identifiable information (PII)
Sensitivity of Data: High (PII, internal files)
Data Exfiltration: Yes
Personally Identifiable Information: Yes

Regulatory Notifications: Authorities including CERT-SE and the National Cyber Security Center notified

Source: Cybersecurity accounts on X, local media

Source: Threat Landscape (threat intelligence platform)

Source: Eurostat data
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at the following sources: cybersecurity accounts on X, local media; Threat Landscape (threat intelligence platform); and Eurostat data.

Investigation Status: Ongoing
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Public acknowledgment of the incident.

Stakeholder Advisories: Swedish authorities (CERT-SE, National Cyber Security Center) are investigating
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: Swedish authorities (CERT-SE and National Cyber Security Center) are investigating.
Last Attacking Group: The attacking group in the last incident was ByteToBreach.
Most Significant Data Compromised: The most significant data compromised in an incident were Source code, configuration files, staff databases and potentially citizens’ personally identifiable information (PII).
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Source code, configuration files, staff databases and potentially citizens’ personally identifiable information (PII).
Most Recent Source: The most recent sources of information about an incident are Threat Landscape (threat intelligence platform), Cybersecurity accounts on X, local media and Eurostat data.
Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing.
Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was Swedish authorities (CERT-SE, National Cyber Security Center) are investigating.
A flaw has been found in wandb OpenUI up to 1.0. This affects the function create_share/get_share of the file backend/openui/server.py of the component HTMLAnnotator Component. Executing a manipulation of the argument ID can lead to HTML injection. The attack may be performed from remote. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability was detected in QDOCS Smart School Management System up to 7.2. The impacted element is an unknown function of the file /admin/enquiry of the component Admission Enquiry Module. Performing a manipulation of the argument Note results in cross site scripting. The attack is possible to be carried out remotely.
The Ultimate Member plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.11.2. This is due to the '{usermeta:password_reset_link}' template tag being processed within post content via the '[um_loggedin]' shortcode, which generates a valid password reset token for the currently logged-in user viewing the page. This makes it possible for authenticated attackers, with Contributor-level access and above, to craft a malicious pending post that, when previewed by an Administrator, generates a password reset token for the Administrator and exfiltrates it to an attacker-controlled server, leading to full account takeover.
LibJWT is a C JSON Web Token Library. Starting in version 3.0.0 and prior to version 3.3.0, the JWK parsing for RSA-PSS did not protect against a NULL value when expecting to parse JSON string values. A specially crafted JWK file could exploit this behavior by using integers in places where the code expected a string. This was fixed in v3.3.0. A workaround is available. Users importing keys through a JWK file should not do so from untrusted sources. Use the `jwk2key` tool to check for validity of a JWK file. Likewise, if possible, do not use JWK files with RSA-PSS keys.
Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Starting in version 2.0.39 and prior to version 3.0.25, a prototype pollution vulnerability exists in the `parse_str` function of the npm package locutus. An attacker can pollute `Object.prototype` by overriding `RegExp.prototype.test` and then passing a crafted query string to `parse_str`, bypassing the prototype pollution guard. This vulnerability stems from an incomplete fix for CVE-2026-25521. The CVE-2026-25521 patch replaced the `String.prototype.includes()`-based guard with a `RegExp.prototype.test()`-based guard. However, `RegExp.prototype.test` is itself a writable prototype method that can be overridden, making the new guard bypassable in the same way as the original — trading one hijackable built-in for another. Version 3.0.25 contains an updated fix.

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.