Pierluigi Paganini September 19, 2023

The cyber attack that hit the cleaning products manufacturer Clorox in August is still affecting the supply of the products to customers.

The Clorox Company is a multinational consumer goods company that specializes in the production and marketing of various household and professional cleaning, health, and personal care products.

The cleaning product giant announced in mid-August it was the victim of a cybersecurity incident that forced it to take some systems offline

“The Clorox Company has identified unauthorized activity on some of its Information Technology (IT) systems. After becoming aware of the activity, the Company began taking steps to stop and remediate the activity, including taking certain systems offline,” the company said in an 8-K filing.

“The Company is working diligently to respond to and address this issue, and is also coordinating with law enforcement. To the extent possible, and in line with its business continuity plans, Clorox has implemented workarounds for certain offline operations in order to continue servicing its customers.”

In response to the cyber attack, the company has taken some of its systems offline while it was implementing additional “protections and hardening measures to further secure them”.

Clorox notified law enforcement and has engaged leading third-party cybersecurity experts to support its investigation and determine the scope of the incident. At this time it is not clear if the attackers have stolen data from the company.

The company also announced it has implemented workarounds for some offline operations to continue servicing its customers.

The company pointed out that the incident has caused, and is expected to continue to cause, disruption to its business operations.

The company did not disclose details of the attack, but the response to the incident suggests it was the victim of a ransomware attack. At this time, no extortion group claimed the attack on the Clorox Company.

This week the company filed a new 8-K form with the US Securities and Exchange Commission (SEC). The company confirmed that the incident was contained due to the measures it has taken to address the incident.

“Based on the information available to date, the Company believes the unauthorized activity is contained due to the steps the Company has taken to address the incident.” reads the 8-K form. “The cybersecurity attack damaged portions of the Company’s IT infrastructure, which caused widescale disruption of Clorox’s operations. The Company is repairing the infrastructure and is reintegrating the systems that were proactively taken offline. The Company expects to begin the process of transitioning back to normal automated order processing the week of Sept. 25. Clorox has already resumed production at the vast majority of its manufacturing sites and expects the ramp up to full production to occur over time. At this time, the Company cannot estimate how long it will take to resume fully normalized operations.”

Clorox states that it is still evaluating the extent of the financial and business impact of the security incident. The attack is still causing delays in order processing and elevated levels of product outages. The Company believes the impact will be material on Q1 financial results.

“It is premature for the Company to determine longer-term impact, including fiscal year outlook, given the ongoing recovery.” continues the form.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Clorox)