Ypê operates its SAP infrastructure through Rimini Street, severing its connection to official patches from the German vendor. The setup exposes the company's central ERP—which processes orders, logistics and financial data—to security vulnerabilities documented in SAP's public bulletins.
Third-party ERP support cuts costs up to 50% versus official maintenance but creates vulnerability windows. SAP publishes monthly security corrections via Security Notes; providers like Rimini Street offer functional support but don't guarantee timing or technical parity with all security patches.
Critical CVEs in SAP Basis modules, Netweaver and ABAP interfaces remained unpatched for 60-90 days in third-party environments in 2025, according to Onapsis research. Attackers exploit this gap: SAP attacks grew 34% in Brazil in 2025, targeting consumer goods companies with broad integration surfaces.
Ypê's ERP connects to hundreds of suppliers, distributors and retail systems across Latin America. A breach in the central environment could compromise pricing data, product formulas and commercial contracts—strategic assets in the cleaning and personal care market, where the company competes with multinationals like Unilever and Reckitt Benckiser.
The company hasn't disclosed cybersecurity investments or migration timelines to SAP S/4HANA, the platform with native security architecture. Competitors including Unilever and Reckitt completed the transition in Brazil by 2024, eliminating dependence on legacy stacks.
Brazil's ANPD data authority and Central Bank expanded oversight of data security in 2026, including suppliers to retail networks. Outdated ERP infrastructures face fines up to 2% of revenue under LGPD and sector regulations. For a company with estimated R$3 billion ($600M) revenue, potential liability exceeds R$60 million ($12M) per incident.
Security experts recommend quarterly patch audits, ERP network segmentation and accelerated migration to actively supported platforms. Optimal scenario: complete replacement of SAP ECC stack with S/4HANA by 2027, before SAP's extended support ends in 2030.
Sources:
1 Yahoo Finance, "Rimini Street Announces Fiscal Fourth Quarter and Annual 2025 Financial and Operating Results" (February 19, 2026)
2 Yahoo Finance, "Ypê Deepens Partnership with Rimini Street to Accelerate Agentic AI and Maximize ERP Value" (January 27, 2026)