Article Details
Scrape Timestamp (UTC): 2024-02-03 21:34:38.330
Original Article Text
Click to Toggle View
Clorox says cyberattack caused $49 million in expenses. Clorox has confirmed that a September 2023 cyberattack has so far cost the company $49 million in expenses related to the response to the incident. Clorox is an American manufacturer of consumer and professional cleaning products with 8,700 employees and almost $7.5 billion in revenue for 2023. On August 11th, Clorox suffered a cyberattack that caused significant disruption in the company's operation, leading to lowered production and decreased availability of consumer products. In an earnings report filed with the SEC on Thursday, Clorox disclosed it incurred $49 million in expenses related to the cyberattack by the end of 2023. "The costs incurred relate primarily to third-party consulting services, including IT recovery and forensic experts and other professional services incurred to investigate and remediate the attack, as well as incremental operating costs incurred from the resulting disruption to the Company's business operations," reads the Clorox 2024 Q2 Quarterly report. The company has acknowledged that they are still working to recover from the attack but expects to incur lessening costs related to the cyberattack in the future. "Our second quarter results reflect strong execution on our recovery plan from the August cyberattack," said Clorox Chair and CEO Linda Rendle in an 8-K filing. "We are rebuilding retailer inventories ahead of schedule, enabling us to return to merchandising and restore distribution. While there is still more work to do, we're focused on executing with excellence in what remains a challenging environment to drive top-line growth and rebuild margin." Johnson Controls International also confirmed this week that a September 2023 ransomware attack cost the company $27 million in expenses, leading to a data breach after hackers stole corporate data. Attack linked to Scattered Spider While Clorox has not provided many details about their attack, Bloomberg reported that it is believed to have been conducted by the hacker collective known as Scattered Spider. Scattered Spider is a loose-knit group of threat actors, many of them English-speaking, who specialize in social engineering attacks to breach a company's networks. What makes Scattered Spider so unusual is they are also affiliates of the BlackCat/ALPHV ransomware gang, who usually only work with Russian-speaking threat actors. Scattered Spider has been previously linked to attacks on MGM, Caesars, DoorDash, and Reddit.
Daily Brief Summary
Clorox encountered a cyberattack in August 2023, leading to significant operational disruptions and decreased product availability.
The cyberattack had tremendous financial implications, with Clorox incurring $49 million in related expenses by the end of the year.
Costs include payments for third-party consulting, IT recovery, forensic investigations, and additional operational expenses due to the attack.
Clorox's report suggests a progressive recovery, with aims to restore distribution, rebuild retailer inventories, and focus on growth and margin improvement.
CEO Linda Rendle reports strong execution on the recovery plan and anticipates reduced future costs associated with the cyberattack.
In a related incident, Johnson Controls International also reported a loss of $27 million due to a September 2023 ransomware attack leading to a data breach.
The cyberattack on Clorox is suspected to be the work of Scattered Spider, a collective known for social engineering and ties to the BlackCat/ALPHV ransomware gang.