Clorox, an American manufacturer of consumer and professional cleaning products, has confirmed that a cyberattack in September 2023 has resulted in expenses totaling $49 million related to incident response efforts.
With 8,700 employees and revenue of nearly $7.5 billion in 2023, Clorox suffered significant disruption to its operations following the cyberattack on August 11th. This disruption led to reduced production and limited availability of consumer products.
According to an earnings report filed with the SEC, Clorox incurred expenses primarily for third-party consulting services, including IT recovery and forensic experts, along with other professional services to investigate and remediate the attack. Additionally, incremental operating costs were accrued due to the disruption to the company's business operations.
While Clorox continues to recover from the attack, it anticipates decreasing costs associated with the cyberattack in the future.
Clorox Chair and CEO Linda Rendle stated in an 8-K filing, "Our second quarter results reflect strong execution on our recovery plan from the August cyberattack. We are rebuilding retailer inventories ahead of schedule, enabling us to return to merchandising and restore distribution. While there is still more work to do, we're focused on executing with excellence in what remains a challenging environment to drive top-line growth and rebuild margin."
Additionally, Johnson Controls International reported this week that a ransomware attack in September 2023 resulted in $27 million in expenses and a data breach after hackers stole corporate data.
Although Clorox has not provided extensive details about the attack, reports suggest it may have been perpetrated by the hacker collective known as Scattered Spider. This group specializes in social engineering attacks to breach company networks and has been linked to previous attacks on companies such as MGM, Caesars, DoorDash, and Reddit. Notably, Scattered Spider is affiliated with the BlackCat/ALPHV ransomware gang, which typically collaborates with Russian-speaking threat actors.