Comparison Overview

Gucci

VS

Pandora

Gucci

Via Don Lorenzo Perosi, 6, Casellina di Scandicci, 50018, IT
Last Update: 2026-04-03
View Profile
Between 800 and 849
https://careers.gucci.com/

Founded in Florence, Italy in 1921, Gucci is one of the world’s leading luxury brands. Following the House’s centenary, Gucci forges ahead continuing to redefine fashion and luxury while celebrating creativity, Italian craftsmanship, and innovation. Gucci is part of the global luxury group Kering, which manages renowned Houses in fashion, leather goods, jewelry, and eyewear. Discover more about Gucci at www.gucci.com.

NAICS: 4483
NAICS Definition: Jewelry, Luggage, and Leather Goods Stores
Employees: 19,535
Subsidiaries: 13
12-month incidents
0
Known data breaches
1
Attack type number
2
View Profile

Pandora

Havneholmen 17-19, Copenhagen, 1561, DK
Last Update: 2026-04-02
Between 750 and 799
http://www.pandoragroup.com

Pandora is the world’s largest jewellery brand. The company designs, manufactures and markets hand-finished jewellery made from high-quality materials at affordable prices Pandora jewellery is sold in more than 100 countries through more than 6,500 points of sale, including more than 2,500 concept stores. Headquartered in Copenhagen, Denmark, Pandora employs 32,000 people worldwide and crafts its jewellery at two LEED-certified facilities in Thailand using mainly recycled silver and gold. Pandora is committed to leadership in sustainability and has set science-based targets to reduce greenhouse gas emissions by 50% across its own operations and value chain by 2030. The company is listed on the Nasdaq Copenhagen stock exchange and generated revenue of DKK 26.5 billion (EUR 3.6 billion) in 2022. See all our products and collections on pandora.net Visit our guidelines for this channel, and what types of post we accept here: https://pandoragroup.com/media/Corporate-social-media-principles

NAICS: 4483
NAICS Definition: Jewelry, Luggage, and Leather Goods Stores
Employees: 20,836
Subsidiaries: 0
12-month incidents
0
Known data breaches
1
Attack type number
1

Compliance Badges Comparison

Security & Compliance Standards Overview

https://images.rankiteo.com/companyimages/gucci.jpeg
Gucci
ISO 27001
ISO 27001 certification not verified
Not verified
SOC2 Type 1
SOC2 Type 1 certification not verified
Not verified
SOC2 Type 2
SOC2 Type 2 certification not verified
Not verified
GDPR
GDPR certification not verified
Not verified
PCI DSS
PCI DSS certification not verified
Not verified
HIPAA
HIPAA certification not verified
Not verified
https://images.rankiteo.com/companyimages/pandora-a-s.jpeg
Pandora
ISO 27001
ISO 27001 certification not verified
Not verified
SOC2 Type 1
SOC2 Type 1 certification not verified
Not verified
SOC2 Type 2
SOC2 Type 2 certification not verified
Not verified
GDPR
GDPR certification not verified
Not verified
PCI DSS
PCI DSS certification not verified
Not verified
HIPAA
HIPAA certification not verified
Not verified
Compliance Summary
Gucci
100%
Compliance Rate
0/4 Standards Verified
Pandora
0%
Compliance Rate
0/4 Standards Verified

Benchmark & Cyber Underwriting Signals

Incidents vs Retail Luxury Goods and Jewelry Industry Average (This Year)

No incidents recorded for Gucci in 2026.

Incidents vs Retail Luxury Goods and Jewelry Industry Average (This Year)

No incidents recorded for Pandora in 2026.

Incident History — Gucci (X = Date, Y = Severity)

Gucci cyber incidents detection timeline including parent company and subsidiaries

Incident History — Pandora (X = Date, Y = Severity)

Pandora cyber incidents detection timeline including parent company and subsidiaries

Notable Incidents

Last 3 Security & Risk Events by Company

https://images.rankiteo.com/companyimages/gucci.jpeg
Gucci
Incidents

Date Detected: 4/2025
Type:Cyber Attack
Attack Vector: Credential Theft (Salesforce Logins), Social Engineering
Motivation: Financial Gain, Data Exfiltration for Secondary Exploitation
Blog: Blog

Date Detected: 6/2024
Type:Breach
Attack Vector: Compromised Cloud Account (Salesforce), Credential Theft/Phishing (likely)
Motivation: Financial Gain (Ransom Demand), Data Theft for Resale
Blog: Blog
https://images.rankiteo.com/companyimages/pandora-a-s.jpeg
Pandora
Incidents

Date Detected: 8/2025
Type:Breach
Attack Vector: Supply Chain Attack
Blog: Blog

FAQ

Gucci company demonstrates a stronger AI Cybersecurity Score compared to Pandora company, reflecting its advanced cybersecurity posture governance and monitoring frameworks.

Gucci company has faced a higher number of disclosed cyber incidents historically compared to Pandora company.

In the current year, Pandora company and Gucci company have not reported any cyber incidents.

Neither Pandora company nor Gucci company has reported experiencing a ransomware attack publicly.

Both Pandora company and Gucci company have disclosed experiencing at least one data breach.

Gucci company has reported targeted cyberattacks, while Pandora company has not reported such incidents publicly.

Neither Gucci company nor Pandora company has reported experiencing or disclosing vulnerabilities publicly.

Neither Gucci nor Pandora holds any compliance certifications.

Neither company holds any compliance certifications.

Gucci company has more subsidiaries worldwide compared to Pandora company.

Pandora company employs more people globally than Gucci company, reflecting its scale as a Retail Luxury Goods and Jewelry.

Neither Gucci nor Pandora holds SOC 2 Type 1 certification.

Neither Gucci nor Pandora holds SOC 2 Type 2 certification.

Neither Gucci nor Pandora holds ISO 27001 certification.

Neither Gucci nor Pandora holds PCI DSS certification.

Neither Gucci nor Pandora holds HIPAA certification.

Neither Gucci nor Pandora holds GDPR certification.

Latest Global CVEs (Not Company-Specific)

Description

A vulnerability was found in Nothings stb up to 1.26. Impacted is the function stbtt_InitFont_internal in the library stb_truetype.h of the component TTF File Handler. Performing a manipulation results in out-of-bounds read. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Published
Date
2026-04-01
Updated
Date
2026-04-01
Risk Information
cvss2
Base: 5.0
Severity: LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
cvss3
Base: 4.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read in VS6ComFile!get_macro_mem_COM. Opening a crafted V7 file may lead to information disclosure from the affected product.

Published
Date
2026-04-01
Updated
Date
2026-04-01
Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6ComFile!CSaveData::_conv_AnimationItem. Opening a crafted V7 file may lead to arbitrary code execution on the affected product.

Published
Date
2026-04-01
Updated
Date
2026-04-01
Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in VS6MemInIF!set_temp_type_default. Opening a crafted V7 file may lead to information disclosure from the affected product.

Published
Date
2026-04-01
Updated
Date
2026-04-01
Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in VS6ComFile!load_link_inf. Opening a crafted V7 file may lead to information disclosure from the affected product.

Published
Date
2026-04-01
Updated
Date
2026-04-01
Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References