February 4, 2024 at 10:42AM
Clorox incurred $49 million in costs following a cyberattack in 2023, leading to system shutdowns, order processing delays, and product shortages. The company anticipates an additional $50-$60 million in costs in 2024. While it suspects the attack may have been ransomware, details about the attack remain undisclosed. Dominic Alvieri suggested involvement of the BlackCat ransomware group, although this has yet to be confirmed.
Based on the meeting notes, the key takeaways are:
– Clorox suffered a damaging cyberattack in August 2023 which resulted in significant disruptions to its operations, including order processing delays and product shortages, impacting sales and earnings.
– The company incurred $49 million in costs related to the cyberattack by the end of 2023, and expects to incur an additional $50-$60 million in FY24. These costs include losses caused by disruptions and expenses for investigation and remediation.
– Clorox has not recognized any insurance proceeds related to the cyberattack, and the timing of insurance recoveries may differ from the timing of recognizing the associated expenses.
– While Clorox has not shared specific details about the cyberattack, it was likely a ransomware attack, possibly perpetrated by the BlackCat and Alphv ransomware group, although this has yet to be confirmed.
– It was reported that BlackCat was targeted in a law enforcement operation in December, but the cybercriminals did not seem intimidated by the actions taken against their infrastructure.
– The news from Clorox follows similar incidents in other organizations, such as Johnson Controls, MGM Resorts, City of Dallas, and Capita, all of which suffered ransomware attacks resulting in substantial financial costs.