By Gregory Hale
After the August 14 cyberattack against Oakland, California-based Clorox, the company is now saying expenses to handle the hack were $49 million for the six-month period.

The attack on the cleaning products manufacturer not only caused operational disruption, it is delayed production for a month after the attack. In a quarterly 10-Q report to the Securities and Exchange Commission (SEC), the company repeated the details of the incident.

“On Monday, August 14, 2023, the company disclosed it had identified unauthorized activity on some of its Information Technology (IT) systems. That activity began on Friday, August 11, 2023 and after becoming aware of it that evening, the company immediately began taking steps to stop and remediate the activity.

“The company also took certain systems offline and engaged third-party cybersecurity experts to support its investigation and recovery efforts. The company implemented its business continuity plans, including manual ordering and processing procedures at a reduced rate of operations in order to continue servicing its customers. However, the incident resulted in wide-scale disruptions to the Company’s business operations throughout the remainder of the quarter ended September 30, 2023.

Schneider Bold

“The impacts of these system disruptions included order processing delays and significant product outages, resulting in a negative impact on net sales and earnings. The Company has since transitioned back to automated order processing. The Company experienced lessening operational impacts in the second quarter as it made progress in returning to normalized operations,” the company said in the report

Effects of the cyberattack will have a negative impact on fiscal year 2024 results, the company said in the report.

“The company also incurred incremental expenses of approximately $25 (million for three months) and $49 (million for six months) as a result of the cyberattack for the three and six months ended December 31, 2023, respectively. These costs relate to third-party consulting services, including IT recovery and forensic experts and other professional services incurred to investigate and remediate the attack, as well as incremental operating costs incurred from the resulting disruption to the company’s business operations. The company expects to incur lessening costs related to the cyberattack in future periods,” Clorox said in the report.

To date, the company has not recognized any insurance proceeds in the three and six months ended December 31, 2023 related to the cyberattack, the company said. The timing of recognizing insurance recoveries, if any, may differ from the timing of recognizing the associated expenses.

Up to a month after the attack, Clorox said some of its products remained in short supply as it struggled to meet consumer demand during the disruption. Clorox didn’t say which products were in short supply.

Production remained and issue as operations were slow to get back up to full speed. The company said it had been fulfilling and processing orders manually. In this latest report, the company said it “made progress in returning to normalized operations.”


Pin It on Pinterest

Share This