Comparison Overview

Subway

US

Last Update: 2026-04-02

Between 750 and 799

http://www.subway.com

Subway is one of the world's largest quick service restaurant brands, serving freshly made-to-order sandwiches, wraps, salads and bowls to millions of guests, across over 100 countries in more than 37,000 restaurants every day. Subway restaurants are owned and operated by Subway franchisees – a network that includes more than 20,000 dedicated entrepreneurs and small business owners – who are committed to delivering the best guest experience possible in their local communities. Ready to join the Subway team? There are plenty of incredible opportunities to be part of Subway, from our corporate headquarters and worldwide regional offices to our remote development teams. Our thousands of franchised restaurants across the globe offer opportunities for talented, motivated people to join their teams. Browse opportunities at our dual-headquarters offices in Shelton, CT, and Miami, FL, offices as well as regional offices at https://www.subway.com/en-US/Careers. For opportunities at Subway Restaurants around the world, please visit www.mysubwaycareer.com.

NAICS: 7225

NAICS Definition: Restaurants and Other Eating Places

Employees: 115,155

Subsidiaries: 1

12-month incidents

0

Known data breaches

0

Attack type number

1

View Profile

ZAMP

São Paulo, SP, BR, 05501-050

Last Update: 2026-04-02

Between 750 and 799

https://www.zamp.com.br/

Somos um grande ecossistema de restaurantes que reúne marcas internacionais como Burger King®, Popeyes®, Starbucks® e Subway®. E, por trás de cada receita de sucesso, estão os Zampers: gente que faz acontecer, que joga junto e que deixa sua marca todos os dias. Aqui, a gente acredita que o verdadeiro sabor do sucesso é ter espaço pra criar, crescer, liderar e ser quem você é. Usamos tecnologia, inovação e muita parceria para entregar experiências que surpreendem nossos clientes e geram oportunidades para o nosso time. Temos apetite pelo futuro e ousadia para conquistar novos mercados, novos sabores e novas conexões. Porque grandes marcas só existem quando grandes pessoas constroem algo maior do que elas mesmas. Isso é a Zamp®: um ecossistema de restaurantes e pessoas em constante evolução.

NAICS: 7225

NAICS Definition: Restaurants and Other Eating Places

Employees: 11,270

Subsidiaries: 1

12-month incidents

0

Known data breaches

0

Attack type number

0

Subway

—

ISO 27001

Not verified

—

SOC2 Type 1

Not verified

—

SOC2 Type 2

Not verified

—

GDPR

Not verified

—

PCI DSS

Not verified

—

HIPAA

Not verified

ZAMP

—

ISO 27001

Not verified

—

SOC2 Type 1

Not verified

—

SOC2 Type 2

Not verified

—

GDPR

Not verified

—

PCI DSS

Not verified

—

HIPAA

Not verified

Incidents vs Restaurants Industry Average (This Year)

No incidents recorded for Subway in 2026.

Incidents vs Restaurants Industry Average (This Year)

No incidents recorded for ZAMP in 2026.

Incident History — Subway (X = Date, Y = Severity)

Subway cyber incidents detection timeline including parent company and subsidiaries

Incident History — ZAMP (X = Date, Y = Severity)

ZAMP cyber incidents detection timeline including parent company and subsidiaries

Subway

Incidents

Date Detected: 8/2021

Type:Ransomware

Attack Vector: Stolen credentials (dark web marketplaces), Phishing schemes, Exploitation of unpatched vulnerabilities

Motivation: Financial gain, Data extortion

Blog: Blog

ZAMP

Incidents

No Incident

ZAMP company demonstrates a stronger AI Cybersecurity Score compared to Subway company, reflecting its advanced cybersecurity posture governance and monitoring frameworks.

Subway company has historically faced a number of disclosed cyber incidents, whereas ZAMP company has not reported any.

In the current year, ZAMP company and Subway company have not reported any cyber incidents.

Subway company has confirmed experiencing a ransomware attack, while ZAMP company has not reported such incidents publicly.

Neither ZAMP company nor Subway company has reported experiencing a data breach publicly.

Neither ZAMP company nor Subway company has reported experiencing targeted cyberattacks publicly.

Neither Subway company nor ZAMP company has reported experiencing or disclosing vulnerabilities publicly.

Neither Subway nor ZAMP holds any compliance certifications.

Neither company holds any compliance certifications.

Both ZAMP company and Subway company have a similar number of subsidiaries worldwide.

Subway company employs more people globally than ZAMP company, reflecting its scale as a Restaurants.

Neither Subway nor ZAMP holds SOC 2 Type 1 certification.

Neither Subway nor ZAMP holds SOC 2 Type 2 certification.

Neither Subway nor ZAMP holds ISO 27001 certification.

Neither Subway nor ZAMP holds PCI DSS certification.

Neither Subway nor ZAMP holds HIPAA certification.

Neither Subway nor ZAMP holds GDPR certification.

Description

A vulnerability was found in Nothings stb up to 1.26. Impacted is the function stbtt_InitFont_internal in the library stb_truetype.h of the component TTF File Handler. Performing a manipulation results in out-of-bounds read. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Published

Date

2026-04-01

Updated

Date

2026-04-01

Risk Information

cvss2

Base: 5.0

Severity: LOW

AV:N/AC:L/Au:N/C:N/I:N/A:P

cvss3

Base: 4.3

Severity: LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

cvss4

Base: 5.3

Severity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

References

Description

V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read in VS6ComFile!get_macro_mem_COM. Opening a crafted V7 file may lead to information disclosure from the affected product.

Published

Date

2026-04-01

Updated

Date

2026-04-01

Risk Information

cvss3

Base: 7.8

Severity: LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

cvss4

Base: 8.4

Severity: LOW

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

References

Description

V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6ComFile!CSaveData::_conv_AnimationItem. Opening a crafted V7 file may lead to arbitrary code execution on the affected product.

Published

Date

2026-04-01

Updated

Date

2026-04-01

Risk Information

cvss3

Base: 7.8

Severity: LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

cvss4

Base: 8.4

Severity: LOW

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

References

Description

V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in VS6MemInIF!set_temp_type_default. Opening a crafted V7 file may lead to information disclosure from the affected product.

Published

Date

2026-04-01

Updated

Date

2026-04-01

Risk Information

cvss3

Base: 7.8

Severity: LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

cvss4

Base: 8.4

Severity: LOW

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

References

Description

V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in VS6ComFile!load_link_inf. Opening a crafted V7 file may lead to information disclosure from the affected product.

Published

Date

2026-04-01

Updated

Date

2026-04-01

Risk Information

cvss3

Base: 7.8

Severity: LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

cvss4

Base: 8.4

Severity: LOW

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

References

Badge your company to reduce your risk score and your cyber insurance costs!

Comparison Overview

Subway

VS

ZAMP

Subway

ZAMP

Compliance Badges Comparison

Benchmark & Cyber Underwriting Signals

Incidents vs Restaurants Industry Average (This Year)

Incidents vs Restaurants Industry Average (This Year)

Incident History — Subway (X = Date, Y = Severity)

Incident History — ZAMP (X = Date, Y = Severity)

Notable Incidents

No Incident

FAQ

Latest Global CVEs (Not Company-Specific)

CVE-2026-5314

Risk Information

CVE-2026-32929

Risk Information

CVE-2026-32928

Risk Information

CVE-2026-32927

Risk Information

CVE-2026-32926

Risk Information

Badge your company to reduce your risk score and your cyber insurance costs!

Comparison Overview

Subway

VS

ZAMP

Subway

ZAMP

Compliance Badges Comparison

Benchmark & Cyber Underwriting Signals

Incidents vs Restaurants Industry Average (This Year)

Incidents vs Restaurants Industry Average (This Year)

Incident History — Subway (X = Date, Y = Severity)

Incident History — ZAMP (X = Date, Y = Severity)

Notable Incidents

🔒 Incident : Ransomware SUBPRO1768802374

No Incident

FAQ

Between Subway company and ZAMP company, which one has the best AI Cybersecurity Score ?

Between Subway company and ZAMP company, which one has experienced more cyber incidents in the past ?

Between Subway company and ZAMP company, which one has experienced more cyber incidents this year ?

Between Subway company and ZAMP company, which one has experienced at least one ransomware attack ?

Between Subway company and ZAMP company, which one has experienced at least one data breach ?

Between Subway company and ZAMP company, which one has experienced at least one targeted cyberattack ?

Between Subway company and ZAMP company, which one has experienced at least one vulnerability ?

Between Subway company and ZAMP company, which one holds the most compliance certifications ?

Between Subway company and ZAMP company, which one holds the fewest compliance certifications ?

Between Subway company and ZAMP company, which one has the most subsidiaries ?

Between Subway company and ZAMP company, which one has the largest number of employees ?

Between Subway and ZAMP, which company holds both SOC 2 Type 1 certifications ?

Between Subway and ZAMP, which company holds both SOC 2 Type 2 certifications ?

Which company is ISO 27001 certified — Subway or ZAMP ?

Which company is PCI DSS compliant — Subway or ZAMP ?

Between Subway and ZAMP, which company complies with HIPAA regulations for healthcare data ?

Between Subway and ZAMP, which company complies with GDPR requirements ?

Latest Global CVEs (Not Company-Specific)

CVE-2026-5314

Risk Information

CVE-2026-32929

Risk Information

CVE-2026-32928

Risk Information

CVE-2026-32927

Risk Information

CVE-2026-32926

Risk Information