Cleaning products maker Clorox revealed in an SEC filing on Thursday that the damaging cyberattack it suffered last year will cost it tens of millions of dollars.
Clorox was forced to shut down many of its systems due to a cyberattack that targeted the company in August 2023. The incident resulted in wide-scale disruptions, including order processing delays and significant product shortages, which impacted sales and earnings.
The company reported incurring $49 million in costs related to the cyberattack by the end of 2023. These costs include, in addition to losses caused by disruptions, the money paid to third-parties called in to help investigate and remediate the attack.
“In FY24, the company expects to incur approximately $50-$60 [million] ($38-$46 after tax) of costs related to the cyberattack,” Clorox said in its SEC filing.
It added, “The Company has not recognized any insurance proceeds in the three and six months ended December 31, 2023 related to the cyberattack. The timing of recognizing insurance recoveries, if any, may differ from the timing of recognizing the associated expenses.”
Clorox has still not shared any details on the cyberattack. Based on the company’s brief description of impact it was likely a ransomware attack. It’s unclear if the attack involved the theft of corporate or customer information, as is typical these days in ransomware attacks.
Security researcher Dominic Alvieri, who regularly monitors the activities of major ransomware groups, reported in November that the ransomware group known as BlackCat and Alphv was behind the attack, but this has yet to be confirmed.
BlackCat was targeted in a law enforcement operation in December, but the cybercriminals did not seem intimidated when the actions taken against their infrastructure came to light.
The news from Clorox comes just days after building technology giant Johnson Controls revealed that expenses associated with a September 2023 ransomware attack exceeded $27 million.