Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Incident Response

Clorox Says Cyberattack Costs Exceed $49 Million

Cleaning products maker Clorox puts the impact of the damaging cyberattack at $49 million so far and expects to incur more costs in 2024.

Cleaning products maker Clorox revealed in an SEC filing on Thursday that the damaging cyberattack it suffered last year will cost it tens of millions of dollars. 

Clorox was forced to shut down many of its systems due to a cyberattack that targeted the company in August 2023. The incident resulted in wide-scale disruptions, including order processing delays and significant product shortages, which impacted sales and earnings. 

The company reported incurring $49 million in costs related to the cyberattack by the end of 2023. These costs include, in addition to losses caused by disruptions, the money paid to third-parties called in to help investigate and remediate the attack.

“In FY24, the company expects to incur approximately $50-$60 [million] ($38-$46 after tax) of costs related to the cyberattack,” Clorox said in its SEC filing

It added, “The Company has not recognized any insurance proceeds in the three and six months ended December 31, 2023 related to the cyberattack. The timing of recognizing insurance recoveries, if any, may differ from the timing of recognizing the associated expenses.”

Clorox has still not shared any details on the cyberattack. Based on the company’s brief description of impact it was likely a ransomware attack. It’s unclear if the attack involved the theft of corporate or customer information, as is typical these days in ransomware attacks. 

Security researcher Dominic Alvieri, who regularly monitors the activities of major ransomware groups, reported in November that the ransomware group known as BlackCat and Alphv was behind the attack, but this has yet to be confirmed. 

BlackCat was targeted in a law enforcement operation in December, but the cybercriminals did not seem intimidated when the actions taken against their infrastructure came to light. 

Advertisement. Scroll to continue reading.

The news from Clorox comes just days after building technology giant Johnson Controls revealed that expenses associated with a September 2023 ransomware attack exceeded $27 million.

Related: MGM Resorts Says Ransomware Hack Cost $110 Million

Related: City of Dallas Details Ransomware Attack Impact, Costs 

Related: Capita Says Ransomware Attack Will Cost It Up to $25 Million 

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Incident Response

Microsoft has rolled out a preview version of Security Copilot, a ChatGPT-powered tool to help organizations automate cybersecurity tasks.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.

Incident Response

Meta has developed a ten-phase cyber kill chain model that it believes will be more inclusive and more effective than the existing range of...

Cybercrime

Cloud company Rackspace has completed its investigation into the recent ransomware attack and found that the hackers did access some customer resources.