Clorox 2023 Cyberattack Damages to Exceed $49 Million, Expects to Incur Additional Costs in 2024
Clorox, the well-known manufacturer of cleaning products, recently disclosed in a filing with the Securities and Exchange Commission (SEC) that it anticipates significant financial repercussions from a cyberattack it endured in August 2023. This breach compelled Clorox to shut down various systems, leading to widespread disruptions such as delays in order processing and substantial product shortages, consequently affecting both sales and earnings.
Clorox's Costly Cyberattack
By the conclusion of 2023, Clorox had accrued costs amounting to $49 million attributed to the cyberattack. These expenses encompass not only the direct losses incurred from the disruptions but also payments made to external parties enlisted to investigate and address the attack's ramifications.
Looking ahead to fiscal year 2024, Clorox anticipates incurring an additional $50-$60 million in costs related to the cyberattack, with a post-tax impact ranging from $38 to $46 million. Notably, the company has yet to receive any insurance proceeds related to the incident, and the timing of potential reimbursements may vary from the recognition of associated expenses.
Ransomware Suspicions and Data Theft Uncertainty
While Clorox has refrained from divulging specifics about the cyberattack, the nature of its impact suggests a ransomware incident, although details regarding potential data theft remain undisclosed. Security researcher Dominic Alvieri suggested in November that a ransomware group known as BlackCat and Alphv orchestrated the attack, yet this attribution remains unverified.
The disclosure by Clorox follows closely on the heels of revelations from Johnson Controls, a leader in building technology, regarding expenses exceeding $27 million stemming from a ransomware attack in September 2023. These incidents underscore the escalating threat posed by cyberattacks to businesses across diverse sectors, emphasizing the critical imperative for robust cybersecurity measures.